Full Version: Ad-Aware and HJT will not run
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Dravi
Ad-Aware service will not run. I have tried all the available tricks to make it work from the Ad-Aware forum; none of them work or apply in this case. The service is there and it is set to Automatic, but it is not running, and I get an 'Error 5: Access is Denied' when I try to start the service.

HJT will not install. I have HJTinstall.exe; when I run it, 'HJTInstall.exe' appears in the processes but nothing happens.

As a side note, and probably a related one, other such programs are also behaving strangely when installed. For instance, I install a program that is well known for removing spyware, and when I install it, it will begin to work, then shortly after it will close, and the shortcut icon takes on the appearance of a deleted file. Imagine you delete a program from your Program Files but leave the shortcut on the desktop: the plain white box icon. That is how these icons appear.

They also give me the message if I attempt to run them from the shortcut...

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have also noticed, while watching my Windows Task Manager, that the process "iexplore.exe" keeps appearing and can appear multiple times. I use Mozilla and do not use Internet Explorer, so I am not sure if it is a Windows requirement, but I thought I would mention it.

Any help greatly appreciated.

I am using Windows XP Pro with Service Pack 2.
Blade81
Hi,

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Dravi
Running from: C:\Documents and Settings\Fong\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Fong\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\dumprep.exe

[1] 2004-08-03 23:56:50 10752 C:\windows\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2004-08-03 23:56:50 10752 C:\windows\system32\dumprep.exe ()



Cannot access: C:\windows\system32\eventlog.dll

[1] 2004-08-03 23:56:44 55808 C:\windows\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-03 23:56:44 61952 C:\windows\system32\eventlog.dll ()

[2] 2004-08-03 23:56:44 55808 C:\windows\system32\logevent.dll (Microsoft Corporation)





Finished!

Dravi
Sorry for the delay in posting. I was in Uni all day yesterday and then a friend came back and we got quite drunk. I should be around all weekend though and will be watching this thread.

Thanks for taking the time to help.
Blade81
Hi,

Time for the next steps
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    CODE
    Files to move:
    C:\windows\system32\logevent.dll|C:\windows\system32\eventlog.dll

  • In the avenger window, click the Paste Script from Clipboard, button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
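The tell in the Win32kDiag log posted above is that the locked C:\windows\system32\eventlog.dll is 61952 bytes with no company name, while the dllcache copy and logevent.dll are both 55808-byte Microsoft Corporation files, which is exactly the pair the Avenger "Files to move:" script uses to restore it. As an added example (not part of this thread and not code from Win32kDiag, The Avenger or Lavasoft), the Python script below parses log lines in that format, compares each locked file against its dllcache copy and lists same-size copies with a matching company name that a helper could consider as a restore source. The log line format, and the function names parse_blocks and assess, are assumptions of this example; the sample log is copied from the posted output.

```python
"""Triage Win32kDiag-style output: flag protected system files that differ from
their dllcache copy (size or company name).  Added example for this thread; the
log format below is assumed from the output posted in it."""
import re
from dataclasses import dataclass

# Constructed sample, copied from the Win32kDiag log posted in the thread.
SAMPLE_LOG = """\
WARNING: Could not get backup privileges!

Searching 'C:\\windows'...

Cannot access: C:\\windows\\system32\\dumprep.exe
[1] 2004-08-03 23:56:50 10752 C:\\windows\\system32\\dllcache\\dumprep.exe (Microsoft Corporation)
[1] 2004-08-03 23:56:50 10752 C:\\windows\\system32\\dumprep.exe ()

Cannot access: C:\\windows\\system32\\eventlog.dll
[1] 2004-08-03 23:56:44 55808 C:\\windows\\system32\\dllcache\\eventlog.dll (Microsoft Corporation)
[1] 2004-08-03 23:56:44 61952 C:\\windows\\system32\\eventlog.dll ()
[2] 2004-08-03 23:56:44 55808 C:\\windows\\system32\\logevent.dll (Microsoft Corporation)

Finished!
"""

# "[n] <date> <time> <size> <path> (<company name>)" -- assumed line layout
ENTRY_RE = re.compile(
    r"^\[\d+\]\s+(?P<date>\S+ \S+)\s+(?P<size>\d+)\s+(?P<path>.+?)\s+\((?P<vendor>[^)]*)\)\s*$")


@dataclass
class FileEntry:
    path: str
    size: int
    vendor: str


def parse_blocks(text):
    """Return {locked_path: [FileEntry, ...]} for every 'Cannot access:' block."""
    blocks = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Cannot access:"):
            current = line.split(":", 1)[1].strip()
            blocks[current] = []
        elif current and (m := ENTRY_RE.match(line)):
            blocks[current].append(FileEntry(m["path"], int(m["size"]), m["vendor"]))
    return blocks


def assess(blocks):
    """Compare each locked file with its dllcache copy and collect candidate
    restore sources: other entries with the dllcache size and company name."""
    findings = {}
    for locked, entries in blocks.items():
        live = next((e for e in entries if e.path.lower() == locked.lower()), None)
        cache = next((e for e in entries if "\\dllcache\\" in e.path.lower()), None)
        if live is None or cache is None:
            findings[locked] = {"verdict": "incomplete", "restore_from": []}
            continue
        size_ok = live.size == cache.size
        # An empty company name means the version resource is missing or could
        # not be read; on its own that is a weaker signal than a size mismatch.
        vendor_ok = live.vendor == cache.vendor
        if size_ok and vendor_ok:
            verdict = "clean"
        elif size_ok:
            verdict = "suspect"    # same size as the protected copy, no company name
        else:
            verdict = "modified"   # size differs from the protected copy
        restore = [e.path for e in entries
                   if e is not live and e.size == cache.size and e.vendor == cache.vendor]
        findings[locked] = {"verdict": verdict, "restore_from": restore}
    return findings


if __name__ == "__main__":
    for path, f in assess(parse_blocks(SAMPLE_LOG)).items():
        print(f"{f['verdict']:9} {path}")
        for src in f["restore_from"]:
            print(f"          restore candidate: {src}")
```

Run stand-alone, it reports eventlog.dll as modified with both the dllcache copy and logevent.dll as restore candidates, and dumprep.exe as suspect (same size, missing company name), which matches the order in which the helper in this thread addressed them.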
Dravi
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "rjbdive" found!
DisplayName: rjbdive
ImagePath: \??\C:\windows\system32\drivers\ndhgcng.sys
Start Type: 2 (Automatic)

Hidden driver "a7of9ipd" found!
Start Type: 3 (Manual)

Rootkit scan completed.

File move operation

"C:\windows\system32\logevent.dll|C:\windows\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.



----------------------------------------------------------------------------------------------------------------




Running from: C:\Documents and Settings\Fong\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Fong\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\system32\dumprep.exe

Attempting to restore permissions of : C:\windows\system32\dumprep.exe



Finished!

Blade81
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


  • Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab and then Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.
Dravi
GMER said, to paraphrase:

Your system may have been changed... do you want to do a full scan?

I said yes and it is doing that full scan now. I am not sure if that was correct.

The scan is very large. Do you still want me to press Copy and paste it into a post?

DDS


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Fong at 15:51:41.85 on 09/10/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2609 [GMT 1:00]

    AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    C:\windows\system32\svchost -k rpcss
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\windows\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Fong\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL =
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    mSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
    BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Spyware Doctor]
    dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
    dRun: [Monopod] c:\windows\temp\a.exe
    dRun: [braviax] c:\windows\system32\braviax.exe
    dRun: [PopRock] c:\windows\temp\a.exe
    uExplorerRun: [servises] c:\windows\system32\servises.exe
    mExplorerRun: [servises] c:\windows\system32\servises.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - c:\progra~1\easywe~1\easywebcam.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\fong\applic~1\mozilla\firefox\profiles\32gmq8fn.default\
    FF - prefs.js: browser.search.selectedEngine - Google.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.binsearch.info/
    FF - plugin: c:\documents and settings\fong\local settings\application data\google\update\1.2.131.11\npGoogleOneClick5.dll
    FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-7 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-14 130424]
    R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);c:\windows\system32\drivers\pe3ahqjb.sys [2007-3-29 64896]
    R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);c:\windows\system32\drivers\ps6ahqjb.sys [2007-3-29 52616]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-7 114768]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
    R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2006-8-1 50048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-7 20560]
    R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-6-14 21904]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-22 55640]
    R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-6-14 28560]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-2-10 33792]
    S1 lzx32;Win23 lzx files load;\??\c:\windows\system32:lzx32.sys --> c:\windows\system32:lzx32.sys [?]
    S1 pe386;Win23 lzx files loader;\??\c:\windows\system32:lzx32.sys --> c:\windows\system32:lzx32.sys [?]
    S2 Spoolermnmsrvc;Print Spooler Spoolermnmsrvc;c:\windows\temp\mtkrqxmehy.exe srv --> c:\windows\temp\mtkrqxmehy.exe srv [?]
    S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [2003-1-3 210792]
    S3 ENDETECT;ENDETECT;\??\d:\release\endetect.sys --> d:\release\ENDETECT.SYS [?]
    S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2006-8-1 14095]
    S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\multi password recovery\mpr_freader.sys --> c:\program files\multi password recovery\mpr_freader.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 pae_1394;pae_1394;c:\windows\system32\drivers\pae_1394.sys [2008-6-9 123440]
    S3 pae_avs;pae_avs;c:\windows\system32\drivers\pae_avs.sys [2008-6-9 51248]
    S3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.sys [2006-7-31 27136]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 TAPBIND;TAPBIND;\??\d:\release\tapbind1.sys --> d:\release\TAPBIND1.SYS [?]
    S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\drivers\O4501U.sys [2008-3-5 408064]
    S3 XDva147;XDva147;\??\c:\windows\system32\xdva147.sys --> c:\windows\system32\XDva147.sys [?]
    S4 AlerterALG;Alerter AlerterALG;c:\windows\temp\llsstudsdj.exe service --> c:\windows\temp\llsstudsdj.exe service [?]
    S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
    S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
    S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-7 138680]
    S4 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-7 254040]
    S4 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-7 352920]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
    S4 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-6-14 826600]
    S4 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);c:\windows\system32\pr2ahqjb.exe svc --> c:\windows\system32\pr2ahqjb.exe svc [?]
    S4 xmlprovxmlprov;Network Provisioning Service xmlprovxmlprov;c:\windows\system32\agcpanelfrenchq.exe srv --> c:\windows\system32\AgCPanelFrenchq.exe srv [?]
    SUnknown rjbdive;rjbdive; [x]

    =============== Created Last 30 ================

    2009-10-08 18:11 233 a--s---- c:\windows\system32\1653416476.dat
    2009-10-07 22:48 <DIR> --d-h--- c:\windows\PIF
    2009-10-07 21:34 <DIR> --d----- c:\program files\a-squared HiJackFree
    2009-10-07 21:26 <DIR> --d----- c:\program files\Advanced Spyware Remover
    2009-10-07 21:22 <DIR> --d----- c:\program files\SpywareBlaster
    2009-10-07 19:43 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-10-07 19:30 <DIR> --d----- c:\program files\VS Revo Group
    2009-10-07 19:14 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-10-07 19:13 <DIR> --d----- c:\program files\Lavasoft
    2009-10-07 19:02 <DIR> --d----- c:\program files\NoAdware
    2009-09-23 21:27 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
    2009-09-23 21:27 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
    2009-09-20 14:27 0 a------- c:\windows\win32k.sys
    2009-09-10 16:02 6,144 a------- c:\windows\cru629.dat
    2009-09-10 16:00 191,357 a------- c:\windows\system32\wisdstr.exe

    ==================== Find3M ====================

    2009-10-01 01:09 237,600 a------- c:\windows\system32\drivers\str.sys
    2009-09-10 16:00 20,992 a--sh--- c:\windows\system32\autochk.dll
    2009-09-07 21:10 44,544 a------- c:\windows\system32\lpocg.dll
    2009-09-04 14:49 75,008 a------- c:\windows\system32\drivers\ndhgcng.sys
    2009-09-04 14:44 19,968 a--sh--- c:\documents and settings\fong\protect.dll
    2008-04-24 09:23 22,328 a------- c:\docume~1\fong\applic~1\PnkBstrK.sys
    2007-05-27 14:30 557,056 a------- c:\documents and settings\fong\GoToAssist_phone__319_en.exe
    2007-04-03 04:38 2,518 a------- c:\docume~1\fong\applic~1\wklnhst.dat
    2004-08-03 23:56 61,952 ---shr-- c:\windows\system32\adsnwe.exe

    ============= FINISH: 15:53:00.75 ===============
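The DDS report above contains the three patterns a log reviewer checks first: a Winlogon Userinit value carrying an entry beyond the default userinit.exe, autostart entries launched from %windir%\temp or from a user profile via rundll32, and services whose image path is an NTFS alternate data stream (system32:lzx32.sys) or a file under temp. As an added example (not DDS code and not part of this thread), the Python script below applies those checks to lines in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" layout. The line formats, the function name triage_dds and the finding labels are assumptions of this example; the sample lines are copied from the posted report.

```python
"""Triage autostart and service lines from a DDS report.  Added example for this
thread; the line layouts below are assumed from the report posted in it."""
import re

# Constructed sample, copied from the DDS report posted in the thread.
SAMPLE_DDS = """\
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\sdra64.exe,
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
dRun: [autochk] rundll32.exe c:\\docume~1\\locals~1\\protect.dll,_IWMPEvents@16
dRun: [Monopod] c:\\windows\\temp\\a.exe
uExplorerRun: [servises] c:\\windows\\system32\\servises.exe
S1 lzx32;Win23 lzx files load;\\??\\c:\\windows\\system32:lzx32.sys --> c:\\windows\\system32:lzx32.sys [?]
S2 Spoolermnmsrvc;Print Spooler Spoolermnmsrvc;c:\\windows\\temp\\mtkrqxmehy.exe srv --> c:\\windows\\temp\\mtkrqxmehy.exe srv [?]
S3 NPF;NetGroup Packet Filter Driver;c:\\windows\\system32\\drivers\\npf.sys [2005-8-2 32512]
R2 aswFsBlk;aswFsBlk;c:\\windows\\system32\\drivers\\aswFsBlk.sys [2009-9-7 20560]
"""

USERINIT_DEFAULT = "userinit.exe"
# "uRun: [name] command", also mRun/dRun/uExplorerRun/mExplorerRun -- assumed layout
RUN_RE = re.compile(r"^[umd]?(?:Explorer)?Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "S1 name;display name;image path [...]" -- assumed layout
SVC_RE = re.compile(r"^(?P<state>[RS][0-4]|SUnknown)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# A path whose last component contains ':' is an alternate data stream, e.g. system32:lzx32.sys
ADS_RE = re.compile(r"[\\/][^\\/:]+:[^\\/]+$")


def triage_dds(text):
    """Return a list of (finding_kind, detail) tuples for suspicious lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("mwinlogon: userinit="):
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            extra = [e for e in entries if not e.lower().endswith("\\" + USERINIT_DEFAULT)]
            if extra:
                findings.append(("userinit-extra", extra))
            continue
        if m := RUN_RE.match(line):
            cmd = m["cmd"].lower()
            if "\\temp\\" in cmd:
                findings.append(("autostart-temp", m["cmd"]))
            elif "rundll32" in cmd and "\\docume~1\\" in cmd:
                findings.append(("autostart-rundll32-profile", m["cmd"]))
            continue
        if m := SVC_RE.match(line):
            image = m["image"].lower()
            # Keep only the image path: drop the "--> resolved path" and "[date size]" tails.
            path_only = image.split(" -->")[0].split(" [")[0]
            if ADS_RE.search(path_only):
                findings.append(("service-ads", m["name"]))
            elif "\\temp\\" in image:
                findings.append(("service-temp", m["name"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_dds(SAMPLE_DDS):
        print(f"{kind:28} {detail}")
```

The checks are deliberately narrow: a legitimate Userinit value has exactly one entry, the Windows temp directory is not a normal home for autostarts or service binaries, and no Microsoft service is hosted in an alternate data stream, so each hit is worth a manual look without the script claiming more than the log shows.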
Dravi
Ignore the first part of that last post; I did not read your instructions carefully enough. I am running a rootkit scan now and will post shortly.

I am working on the GMER scan; however, my PC has taken to occasionally shutting down without warning, so I have had to start the scan from fresh just now.
Dravi
    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-09 16:51:36
    Windows 5.1.2600 Service Pack 2
    Running: 23be4qiz.exe; Driver: C:\DOCUME~1\Fong\LOCALS~1\Temp\uwtdypob.sys


    ---- System - GMER 1.0.15 ----

    Code 8A93533E ZwEnumerateKey
    Code 8A934FD6 ZwFlushInstructionCache
    Code 8A938426 ZwSaveKey
    Code 8A9382AE ZwSaveKeyEx
    Code 8A9357D5 IofCallDriver
    Code 8A935A75 IofCompleteRequest
    Code 8A93282D ZwSaveKey
    Code 8A9250B5 ZwSaveKeyEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCallDriver 804EE0E6 5 Bytes JMP 8A9357DA
    .text ntkrnlpa.exe!IofCompleteRequest 804EE176 5 Bytes JMP 8A935A7A
    .text ntkrnlpa.exe!ZwSaveKey 804FE584 5 Bytes JMP 8A932832
    .text ntkrnlpa.exe!ZwSaveKeyEx 804FE598 5 Bytes JMP 8A9250BA
    .text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + 816 8053C83A 4 Bytes CALL 897D21D2 00000B8A
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AACBA 5 Bytes JMP 8A934FDA
    PAGE ntkrnlpa.exe!ZwSaveKey 8061748A 5 Bytes JMP 8A93842A
    PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061751A 5 Bytes JMP 8A9382B2
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80619820 5 Bytes JMP 8A935342
    ? C:\windows\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload B959A7AE 5 Bytes JMP 8A8485A0
    ? System32\Drivers\alxn12du.SYS The system cannot find the path specified. !
    ? 00000B8A The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!DialogBoxIndirectParamW 77D6204B 5 Bytes JMP 7E38C510 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!MessageBoxIndirectA 77D6A062 5 Bytes JMP 7E38C491 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!DialogBoxParamA 77D6B124 5 Bytes JMP 7E38C4D5 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!MessageBoxExW 77D80540 5 Bytes JMP 7E38C3D9 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!MessageBoxExA 77D80564 5 Bytes JMP 7E38C413 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!DialogBoxIndirectParamA 77D86CB5 5 Bytes JMP 7E38C54B C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] USER32.dll!MessageBoxIndirectW 77D9609B 5 Bytes JMP 7E38C44D C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WININET.dll!HttpAddRequestHeadersA 771C0FA7 5 Bytes JMP 0108000A
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WININET.dll!HttpAddRequestHeadersW 77228A3D 5 Bytes JMP 0128000A
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00D627E0
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D627C0
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00D627A0
    .text C:\Program Files\Internet Explorer\Iexplore.exe[560] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D629A0

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6C0AD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6C0C1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6C0B9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6C1748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6C161E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D5ACA] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\windows\Explorer.EXE[420] @ C:\windows\Explorer.EXE [USER32.dll!TranslateMessage] 015E5736
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 015E51CB
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 015E5117
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 015E50B2
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 015E5080
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\ole32.dll [USER32.dll!GetClipboardData] 015E5484
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\ole32.dll [USER32.dll!TranslateMessage] 015E5736
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 015E5736
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 015E5736
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 015E5484
    IAT C:\windows\Explorer.EXE[420] @ C:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 015E51CB
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 013A51CB
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 013A51CB
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 013A5117
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 013A50B2
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 013A5080
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\ole32.dll [USER32.dll!GetClipboardData] 013A5484
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\ole32.dll [USER32.dll!TranslateMessage] 013A5736
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 013A5736
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 013A5484
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 013A5736
    IAT C:\windows\system32\services.exe[852] @ C:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 013A51CB
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F551CB
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F55117
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F550B2
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F55080
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00F55117
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F551CB
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00F55117
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00F550B2
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00F55484
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00F55736
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00F55736
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00F55484
    IAT C:\windows\system32\lsass.exe[864] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00F55736
    IAT C:\windows\system32\svchost.exe[1036] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 02AE5080
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
    IAT C:\windows\System32\alg.exe[1140] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FB51CB
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FB5117
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FB50B2
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FB5080
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FB5736
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\ole32.dll [USER32.dll!GetClipboardData] 00FB5484
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\ole32.dll [USER32.dll!TranslateMessage] 00FB5736
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FB5736
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FB5484
    IAT C:\windows\system32\svchost.exe[1152] @ C:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FB51CB
    SSDT 00000B8A winlogon.exe [796.1944] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A winlogon.exe [796.1944] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A winlogon.exe [796.1944] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A winlogon.exe [796.1944] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A winlogon.exe [796.1944] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A winlogon.exe [796.1944] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A winlogon.exe [796.1944] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A winlogon.exe [796.1944] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A winlogon.exe [796.1944] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread services.exe [852:1400] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A services.exe [852.1400] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A services.exe [852.1400] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A services.exe [852.1400] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A services.exe [852.1400] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A services.exe [852.1400] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A services.exe [852.1400] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A services.exe [852.1400] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A services.exe [852.1400] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A services.exe [852.1400] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A services.exe [852.1400] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A services.exe [852.1400] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A services.exe [852.1400] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A services.exe [852.1400] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A services.exe [852.1400] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread lsass.exe [864:964] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A lsass.exe [864.964] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A lsass.exe [864.964] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A lsass.exe [864.964] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A lsass.exe [864.964] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A lsass.exe [864.964] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A lsass.exe [864.964] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A lsass.exe [864.964] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A lsass.exe [864.964] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A lsass.exe [864.964] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A lsass.exe [864.964] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A lsass.exe [864.964] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A lsass.exe [864.964] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A lsass.exe [864.964] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A lsass.exe [864.964] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread lsass.exe [864:1860] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A lsass.exe [864.1860] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A lsass.exe [864.1860] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A lsass.exe [864.1860] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A lsass.exe [864.1860] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A lsass.exe [864.1860] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A lsass.exe [864.1860] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A lsass.exe [864.1860] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A lsass.exe [864.1860] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A lsass.exe [864.1860] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A lsass.exe [864.1860] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A lsass.exe [864.1860] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A lsass.exe [864.1860] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A lsass.exe [864.1860] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A lsass.exe [864.1860] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread lsass.exe [864:1864] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A lsass.exe [864.1864] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A lsass.exe [864.1864] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A lsass.exe [864.1864] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A lsass.exe [864.1864] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A lsass.exe [864.1864] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A lsass.exe [864.1864] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A lsass.exe [864.1864] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A lsass.exe [864.1864] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A lsass.exe [864.1864] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A lsass.exe [864.1864] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A lsass.exe [864.1864] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A lsass.exe [864.1864] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A lsass.exe [864.1864] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A lsass.exe [864.1864] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread lsass.exe [864:1868] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A lsass.exe [864.1868] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A lsass.exe [864.1868] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A lsass.exe [864.1868] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A lsass.exe [864.1868] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A lsass.exe [864.1868] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A lsass.exe [864.1868] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A lsass.exe [864.1868] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A lsass.exe [864.1868] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A lsass.exe [864.1868] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A lsass.exe [864.1868] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A lsass.exe [864.1868] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A lsass.exe [864.1868] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A lsass.exe [864.1868] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A lsass.exe [864.1868] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1036:1780] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1036.1780] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1036.1780] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1036.1780] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1036.1780] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1036.1780] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1036.1780] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1036.1780] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1036.1780] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1036.1780] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1036.1780] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1036.1780] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1036.1780] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1036.1780] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1036.1780] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1036:1924] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1036.1924] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1036.1924] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1036.1924] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1036.1924] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1036.1924] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1036.1924] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1036.1924] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1036.1924] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1036.1924] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1036.1924] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1036.1924] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1036.1924] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1036.1924] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1036.1924] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1036:244] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1036.244] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1036.244] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1036.244] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1036.244] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1036.244] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1036.244] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1036.244] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1036.244] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1036.244] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1036.244] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1036.244] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1036.244] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1036.244] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1036.244] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:1116] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.1116] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.1116] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.1116] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.1116] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.1116] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.1116] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.1116] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.1116] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.1116] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.1116] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.1116] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.1116] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.1116] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.1116] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:1896] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.1896] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.1896] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.1896] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.1896] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.1896] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.1896] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.1896] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.1896] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.1896] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.1896] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.1896] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.1896] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.1896] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.1896] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:288] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.288] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.288] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.288] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.288] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.288] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.288] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.288] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.288] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.288] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.288] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.288] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.288] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.288] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.288] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:292] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.292] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.292] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.292] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.292] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.292] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.292] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.292] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.292] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.292] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.292] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.292] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.292] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.292] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.292] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:188] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.188] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.188] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.188] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.188] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.188] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.188] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.188] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.188] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.188] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.188] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.188] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.188] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.188] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.188] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:300] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.300] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.300] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.300] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.300] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.300] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.300] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.300] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.300] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.300] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.300] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.300] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.300] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.300] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.300] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:324] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.324] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.324] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.324] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.324] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.324] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.324] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.324] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.324] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.324] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.324] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.324] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.324] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.324] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.324] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread alg.exe [1140:340] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A alg.exe [1140.340] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A alg.exe [1140.340] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A alg.exe [1140.340] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A alg.exe [1140.340] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A alg.exe [1140.340] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A alg.exe [1140.340] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A alg.exe [1140.340] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A alg.exe [1140.340] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A alg.exe [1140.340] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A alg.exe [1140.340] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A alg.exe [1140.340] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A alg.exe [1140.340] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A alg.exe [1140.340] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A alg.exe [1140.340] ZwWriteVirtualMemory [0x897D171B]
    Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1152] 0x10000000
    Library \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1152] 0x009E0000
    Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [1248] 0x10000000
    Library \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [1248] 0x009D0000

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1608] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1608] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1608] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1608] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1608] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1608] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1608] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1608] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1608] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1608] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1608] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1608] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1608] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1608] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1608] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1704] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1704] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1704] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1704] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1704] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1704] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1704] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1704] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1704] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1704] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1704] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1704] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1704] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1704] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1704] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:272] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.272] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.272] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.272] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.272] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.272] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.272] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.272] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.272] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.272] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.272] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.272] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.272] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.272] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.272] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1604] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1604] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1604] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1604] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1604] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1604] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1604] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1604] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1604] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1604] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1604] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1604] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1604] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1604] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1604] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1932] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1932] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1932] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1932] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1932] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1932] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1932] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1932] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1932] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1932] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1932] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1932] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1932] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1932] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1932] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1936] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1936] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1936] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1936] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1936] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1936] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1936] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1936] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1936] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1936] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1936] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1936] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1936] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1936] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1936] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1948] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1948] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1948] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1948] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1948] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1948] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1948] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1948] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1948] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1948] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1948] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1948] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1948] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1948] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1948] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1972] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1972] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1972] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1972] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1972] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1972] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1972] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1972] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1972] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1972] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1972] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1972] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1972] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1972] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1972] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:2008] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.2008] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.2008] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.2008] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.2008] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.2008] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.2008] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.2008] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.2008] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.2008] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.2008] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.2008] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.2008] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.2008] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.2008] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:2012] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.2012] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.2012] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.2012] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.2012] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.2012] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.2012] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.2012] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.2012] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.2012] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.2012] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.2012] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.2012] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.2012] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.2012] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:2020] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.2020] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.2020] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.2020] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.2020] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.2020] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.2020] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.2020] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.2020] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.2020] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.2020] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.2020] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.2020] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.2020] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.2020] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:2028] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.2028] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.2028] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.2028] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.2028] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.2028] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.2028] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.2028] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.2028] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.2028] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.2028] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.2028] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.2028] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.2028] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.2028] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:916] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.916] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.916] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.916] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.916] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.916] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.916] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.916] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.916] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.916] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.916] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.916] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.916] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.916] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.916] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:248] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.248] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.248] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.248] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.248] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.248] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.248] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.248] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.248] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.248] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.248] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.248] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.248] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.248] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.248] ZwWriteVirtualMemory [0x897D171B]


    Dravi
    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:368] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.368] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.368] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.368] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.368] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.368] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.368] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.368] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.368] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.368] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.368] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.368] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.368] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.368] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.368] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:320] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.320] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.320] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.320] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.320] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.320] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.320] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.320] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.320] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.320] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.320] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.320] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.320] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.320] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.320] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:672] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.672] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.672] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.672] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.672] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.672] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.672] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.672] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.672] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.672] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.672] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.672] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.672] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.672] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.672] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:680] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.680] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.680] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.680] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.680] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.680] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.680] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.680] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.680] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.680] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.680] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.680] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.680] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.680] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.680] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:708] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.708] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.708] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.708] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.708] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.708] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.708] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.708] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.708] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.708] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.708] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.708] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.708] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.708] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.708] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:712] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.712] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.712] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.712] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.712] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.712] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.712] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.712] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.712] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.712] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.712] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.712] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.712] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.712] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.712] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:816] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.816] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.816] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.816] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.816] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.816] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.816] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.816] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.816] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.816] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.816] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.816] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.816] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.816] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.816] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:820] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.820] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.820] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.820] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.820] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.820] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.820] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.820] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.820] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.820] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.820] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.820] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.820] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.820] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.820] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:932] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.932] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.932] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.932] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.932] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.932] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.932] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.932] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.932] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.932] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.932] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.932] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.932] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.932] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.932] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:512] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.512] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.512] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.512] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.512] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.512] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.512] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.512] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.512] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.512] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.512] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.512] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.512] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.512] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.512] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1276] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1276] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1276] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1276] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1276] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1276] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1276] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1276] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1276] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1276] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1276] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1276] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1276] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1276] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1276] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1628] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1628] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1628] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1628] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1628] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1628] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1628] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1628] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1628] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1628] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1628] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1628] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1628] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1628] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1628] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1480] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1480] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1480] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1480] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1480] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1480] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1480] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1480] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1480] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1480] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1480] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1480] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1480] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1480] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1480] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1460] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1460] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1460] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1460] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1460] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1460] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1460] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1460] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1460] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1460] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1460] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1460] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1460] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1460] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1460] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1764] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1764] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1764] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1764] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1764] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1764] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1764] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1764] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1764] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1764] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1764] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1764] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1764] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1764] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1764] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1808] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1808] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1808] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1808] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1808] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1808] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1808] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1808] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1808] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1808] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1808] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1808] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1808] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1808] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1808] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1840] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1840] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1840] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1840] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1840] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1840] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1840] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1840] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1840] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1840] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1840] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1840] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1840] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1840] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1840] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1848] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1848] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1848] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1848] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1848] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1848] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1848] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1848] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1848] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1848] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1848] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1848] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1848] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1848] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1848] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1900] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1900] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1900] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1900] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1900] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1900] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1900] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1900] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1900] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1900] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1900] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1900] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1900] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1900] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1900] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1904] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1904] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1904] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1904] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1904] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1904] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1904] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1904] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1904] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1904] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1904] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1904] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1904] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1904] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1904] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1908] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1908] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1908] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1908] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1908] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1908] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1908] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1908] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1908] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1908] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1908] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1908] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1908] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1908] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1908] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1912] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1912] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1912] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1912] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1912] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1912] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1912] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1912] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1912] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1912] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1912] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1912] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1912] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1912] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1912] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1736] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1736] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1736] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1736] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1736] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1736] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1736] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1736] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1736] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1736] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1736] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1736] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1736] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1736] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1736] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:296] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.296] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.296] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.296] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.296] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.296] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.296] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.296] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.296] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.296] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.296] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.296] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.296] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.296] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.296] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:720] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.720] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.720] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.720] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.720] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.720] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.720] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.720] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.720] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.720] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.720] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.720] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.720] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.720] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.720] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:768] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.768] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.768] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.768] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.768] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.768] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.768] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.768] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.768] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.768] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.768] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.768] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.768] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.768] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.768] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:724] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.724] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.724] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.724] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.724] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.724] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.724] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.724] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.724] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.724] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.724] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.724] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.724] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.724] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.724] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1248:1800] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1248.1800] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1248.1800] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1248.1800] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1248.1800] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1248.1800] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1248.1800] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1248.1800] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1248.1800] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1248.1800] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1248.1800] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1248.1800] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1248.1800] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1248.1800] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1248.1800] ZwWriteVirtualMemory [0x897D171B]
    Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1500] 0x10000000
    Library \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1500] 0x009D0000

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1048] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1048] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1048] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1048] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1048] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1048] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1048] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1048] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1048] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1048] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1048] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1048] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1048] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1048] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1048] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1212] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1212] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1212] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1212] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1212] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1212] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1212] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1212] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1212] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1212] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1212] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1212] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1212] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1212] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1212] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:748] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.748] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.748] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.748] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.748] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.748] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.748] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.748] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.748] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.748] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.748] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.748] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.748] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.748] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.748] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1268] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1268] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1268] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1268] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1268] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1268] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1268] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1268] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1268] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1268] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1268] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1268] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1268] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1268] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1268] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1528] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1528] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1528] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1528] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1528] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1528] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1528] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1528] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1528] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1528] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1528] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1528] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1528] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1528] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1528] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1240] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1240] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1240] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1240] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1240] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1240] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1240] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1240] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1240] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1240] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1240] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1240] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1240] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1240] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1240] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1500:1844] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1500.1844] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1500.1844] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1500.1844] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1500.1844] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1500.1844] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1500.1844] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1500.1844] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1500.1844] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1500.1844] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1500.1844] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1500.1844] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1500.1844] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1500.1844] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1500.1844] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread msiexec.exe [1616:1796] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A msiexec.exe [1616.1796] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A msiexec.exe [1616.1796] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread msiexec.exe [1616:1804] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A msiexec.exe [1616.1804] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A msiexec.exe [1616.1804] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:264] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.264] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.264] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:268] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.268] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.268] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:356] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.356] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.356] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:284] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.284] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.284] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:400] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.400] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.400] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:472] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.472] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.472] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread spoolsv.exe [1692:476] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A spoolsv.exe [1692.476] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A spoolsv.exe [1692.476] ZwWriteVirtualMemory [0x897D171B]
    Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1816] 0x10000000
    Library \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1816] 0x00A00000

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:1820] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.1820] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.1820] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.1820] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.1820] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.1820] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.1820] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.1820] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.1820] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.1820] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.1820] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.1820] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.1820] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.1820] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.1820] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:1916] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.1916] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.1916] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.1916] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.1916] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.1916] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.1916] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.1916] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.1916] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.1916] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.1916] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.1916] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.1916] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.1916] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.1916] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:1960] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.1960] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.1960] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.1960] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.1960] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.1960] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.1960] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.1960] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.1960] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.1960] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.1960] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.1960] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.1960] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.1960] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.1960] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:2004] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.2004] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.2004] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.2004] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.2004] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.2004] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.2004] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.2004] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.2004] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.2004] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.2004] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.2004] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.2004] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.2004] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.2004] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:2016] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.2016] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.2016] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.2016] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.2016] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.2016] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.2016] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.2016] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.2016] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.2016] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.2016] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.2016] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.2016] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.2016] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.2016] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:2032] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.2032] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.2032] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.2032] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.2032] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.2032] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.2032] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.2032] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.2032] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.2032] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.2032] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.2032] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.2032] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.2032] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.2032] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [1816:576] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [1816.576] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [1816.576] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [1816.576] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [1816.576] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [1816.576] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [1816.576] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [1816.576] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [1816.576] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [1816.576] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [1816.576] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [1816.576] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [1816.576] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [1816.576] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [1816.576] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread 23be4qiz.exe [2168:2172] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A 23be4qiz.exe [2168.2172] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread 23be4qiz.exe [2168:2176] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A 23be4qiz.exe [2168.2176] ZwWriteVirtualMemory [0x897D171B]
    Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [2364] 0x10000000
    Library \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [2364] 0x009F0000

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2368] SSDT 0x8A7578B8 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2368] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2368] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2368] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2368] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2368] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2368] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2368] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2368] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2368] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2368] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2368] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2368] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2368] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2368] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2372] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2372] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2372] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2372] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2372] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2372] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2372] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2372] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2372] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2372] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2372] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2372] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2372] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2372] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2372] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2376] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2376] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2376] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2376] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2376] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2376] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2376] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2376] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2376] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2376] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2376] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2376] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2376] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2376] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2376] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2380] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2380] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2380] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2380] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2380] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2380] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2380] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2380] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2380] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2380] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2380] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2380] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2380] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2380] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2380] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2384] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2384] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2384] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2384] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2384] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2384] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2384] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2384] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2384] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2384] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2384] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2384] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2384] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2384] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2384] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2388] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2388] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2388] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2388] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2388] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2388] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2388] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2388] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2388] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2388] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2388] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2388] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2388] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2388] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2388] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2392] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2392] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2392] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2392] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2392] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2392] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2392] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2392] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2392] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2392] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2392] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2392] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2392] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2392] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2392] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2396] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2396] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2396] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2396] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2396] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2396] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2396] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2396] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2396] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2396] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2396] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2396] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2396] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2396] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2396] ZwWriteVirtualMemory [0x897D171B]

    ---- Threads - GMER 1.0.15 ----

    Thread svchost.exe [2364:2400] SSDT 0x8A758448 != 0x8050131C

    SSDT 00000B8A svchost.exe [2364.2400] ZwDeleteValueKey [0x897D15BD]
    SSDT 00000B8A svchost.exe [2364.2400] ZwEnumerateKey [0x897D126D]
    SSDT 00000B8A svchost.exe [2364.2400] ZwEnumerateValueKey [0x897D1379]
    SSDT 00000B8A svchost.exe [2364.2400] ZwOpenKey [0x897D11B5]
    SSDT 00000B8A svchost.exe [2364.2400] ZwOpenProcess [0x897D0F1F]
    SSDT 00000B8A svchost.exe [2364.2400] ZwOpenThread [0x897D0FA7]
    SSDT 00000B8A svchost.exe [2364.2400] ZwProtectVirtualMemory [0x897D1781]
    SSDT 00000B8A svchost.exe [2364.2400] ZwQuerySystemInformation [0x897D0E19]
    SSDT 00000B8A svchost.exe [2364.2400] ZwReadVirtualMemory [0x897D16B5]
    SSDT 00000B8A svchost.exe [2364.2400] ZwSetContextThread [0x897D1152]
    SSDT 00000B8A svchost.exe [2364.2400] ZwSetValueKey [0x897D14B9]
    SSDT 00000B8A svchost.exe [2364.2400] ZwSuspendThread [0x897D10EF]
    SSDT 00000B8A svchost.exe [2364.2400] ZwTerminateThread [0x897D108C]
    SSDT 00000B8A svchost.exe [2364.2400] ZwWriteVirtualMemory [0x897D171B]

    ---- Services - GMER 1.0.15 ----

    Service C:\windows\system32\drivers\kbiwkmyiooxljg.sys (*** hidden *** ) [SYSTEM] kbiwkmjtunaoro <-- ROOTKIT !!!
    Service C:\windows\system32\drivers\ndhgcng.sys (*** hidden *** ) [AUTO] rjbdive <-- ROOTKIT !!!
    Service C:\windows\system32\drivers\UACtttkdtqmsx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro@imagepath \systemroot\system32\drivers\kbiwkmyiooxljg.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main@aid 10002
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main@sid 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main@cmddelay 14400
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main\delete
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main\injector
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main\injector@* kbiwkmwsp8p.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main\injector@svchost.exe kbiwkmcone.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\main\tasks
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyiooxljg.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmubyuejwq.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmcmxsffyl.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmypjbwyfo.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkm.dat \systemroot\system32\kbiwkmafdsnwrr.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmwsp8.dll \systemroot\system32\kbiwkmyodacmsm.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmconz.dll \systemroot\system32\kbiwkmijiaogip.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmwsp8p.dll \systemroot\system32\kbiwkmvsiwqvrs.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmconw.dll \systemroot\system32\kbiwkmyunfyrxp.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro\modules@kbiwkmcone.dll \systemroot\system32\kbiwkmngwyhiky.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@ImagePath \??\C:\windows\system32\drivers\ndhgcng.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@DisplayName rjbdive
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@RulesData 0x03 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@krnl_sleepfreq 0x10 0x0E 0x00 0x00
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@krnl_servers_list 0x68 0x74 0x74 0x70 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive\Security
    Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x6F 0x71 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0xB0 0xE0 0xD7 0xA9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x2B 0xAD 0x7E 0xA2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41@khjeh 0xEF 0xB8 0x6E 0x28 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42@khjeh 0xC8 0xC8 0x6E 0x36 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf43@khjeh 0x74 0xD5 0x1A 0x7E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtttkdtqmsx.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtttkdtqmsx.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvkopwjmwnr.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdanwodomhd.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACmmhgxocprs.db
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACiswsbomawk.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACnenwosvnym.log
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro@imagepath \systemroot\system32\drivers\kbiwkmyiooxljg.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main@aid 10002
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main@sid 1
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main@cmddelay 14400
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main\delete (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main\injector (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main\injector@* kbiwkmwsp8p.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main\injector@svchost.exe kbiwkmcone.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\main\tasks (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyiooxljg.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmubyuejwq.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmcmxsffyl.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmypjbwyfo.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkm.dat \systemroot\system32\kbiwkmafdsnwrr.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmwsp8.dll \systemroot\system32\kbiwkmyodacmsm.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmconz.dll \systemroot\system32\kbiwkmijiaogip.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmwsp8p.dll \systemroot\system32\kbiwkmvsiwqvrs.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmconw.dll \systemroot\system32\kbiwkmyunfyrxp.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmjtunaoro\modules@kbiwkmcone.dll \systemroot\system32\kbiwkmngwyhiky.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x6F 0x71 0x2D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0xB0 0xE0 0xD7 0xA9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x2B 0xAD 0x7E 0xA2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41@khjeh 0xEF 0xB8 0x6E 0x28 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42@khjeh 0xC8 0xC8 0x6E 0x36 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf43 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf43@khjeh 0x74 0xD5 0x1A 0x7E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtttkdtqmsx.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtttkdtqmsx.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvkopwjmwnr.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdanwodomhd.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACmmhgxocprs.db
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkbfnyprpfg.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACiswsbomawk.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACnenwosvnym.log
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 71F053381DCB8CF0F59F45414C21269CB8F0CDE1349D5F77D7BCC9CB6BFD95B74765CD13B084DE74
    26E5EEE34FF89889943B8E8DF4F1FBC52998415835744EEDEBE5C0AE885D140CE41CEC1AE7A1E30D
    BC66DD83EED5BC3869150A521390ECE66CE4F353EE92951C2312F0EEFEBC9E127BECC74CFEBC9E12
    7BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5B
    E2F6E6675D575E7D6A3B9808A9C6AECB7A5D14078EDD5E5BE2F6E667AC78E86B32633D9FAF8A13C6
    381AE88721F455C133CFA27CD918CB46A723F12DF41F8F5E0EE8153897242B41263B425EC5B22DB5
    4EE2FA904C933D427207EF47B26747B110B572A5459638DAC0B5F3F8A90847C9582C1D0006B34EAA
    9591EF7D39FA380CDD74F5A71CD87A720F90875E5F581BB1DB309CB26CE8D1A43AE32CBE5DF52FAA
    638425D104515577DE08EB658078C83326A86D65E81640EDCFD3444DF9E59ADDCDF6670A6860D4EF
    3E0C70B8A9B2102947806B2A681233D487EB3B3E7051900A1394898B38D32375833F4BD87B45D800
    95D8D564DDA7E93C5769F87A9F30472668D5BB6568F292B5C47917999B622C3DA807CC4DBE95479C
    7A3CC842F06C1A3FC8E912786F7597EFDFC6CE23B02F37F35F12D8F00410D1006D0B5AA44D688A77
    F5B3857D4A894B7C74E5567169C54D5059B7E2B12C3D3585F3AF40092576BB8

    ---- EOF - GMER 1.0.15 ----
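Dravi's GMER log above contains three kinds of indicator that a responder would pull out first: hidden driver services, hidden DLLs mapped into svchost.exe, and per-thread SSDT mismatches with the Zw* functions each hook redirects. As an added example that is not part of this thread and is not GMER's own code, the script below parses exactly those line formats and turns them into a short triage list. The sample lines are copied from the log above; the `Triage`, `parse`, `hook_address_span` and `summarize` names are my own.

```python
"""Triage helper for GMER-style rootkit scan logs.

Added example: not GMER's code and not part of the forum thread. It parses
only the line formats visible in the GMER 1.0.15 log above and turns them
into defender-facing findings (hidden services, injected DLLs, SSDT hooks).
"""
import re
from dataclasses import dataclass, field

# Line formats modelled on the GMER output above.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
THREAD_RE = re.compile(
    r"^Thread\s+(?P<proc>\S+)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+SSDT\s+"
    r"(?P<hooked>0x[0-9A-Fa-f]+)\s+!=\s+(?P<orig>0x[0-9A-Fa-f]+)")
HOOK_RE = re.compile(
    r"^SSDT\s+\S+\s+(?P<proc>\S+)\s+\[(?P<pid>\d+)\.(?P<tid>\d+)\]\s+"
    r"(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
IMAGEPATH_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\@]+)@imagepath\s+(?P<path>\S+)",
    re.IGNORECASE)

# Syscalls whose hooking lets a kernel component interfere with other
# processes' threads and memory (the primitives security tools rely on).
TAMPER_FUNCS = {"ZwOpenProcess", "ZwOpenThread", "ZwTerminateThread", "ZwSuspendThread",
                "ZwWriteVirtualMemory", "ZwProtectVirtualMemory", "ZwSetContextThread"}


@dataclass
class Triage:
    hidden_services: list = field(default_factory=list)   # (name, driver path, start type)
    hidden_libraries: list = field(default_factory=list)  # (dll path, host process, pid)
    hooked_threads: dict = field(default_factory=dict)    # (proc, pid, tid) -> (hooked, original)
    hook_targets: dict = field(default_factory=dict)      # Zw* function -> set of hook addresses
    image_paths: dict = field(default_factory=dict)       # service name -> ImagePath (active ControlSet only)
    findings: list = field(default_factory=list)          # human-readable indicators


def parse(text: str) -> Triage:
    """Extract the five indicator types from a GMER-style log."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            t.hidden_services.append((m["name"], m["path"], m["start"]))
        elif m := THREAD_RE.match(line):
            t.hooked_threads[(m["proc"], int(m["pid"]), int(m["tid"]))] = (int(m["hooked"], 16), int(m["orig"], 16))
        elif m := HOOK_RE.match(line):
            t.hook_targets.setdefault(m["func"], set()).add(int(m["addr"], 16))
        elif m := LIBRARY_RE.match(line):
            t.hidden_libraries.append((m["path"], m["proc"], int(m["pid"])))
        elif m := IMAGEPATH_RE.match(line):
            t.image_paths[m["svc"]] = m["path"]
    return t


def hook_address_span(t: Triage) -> tuple:
    """Lowest and highest hook address seen. Hooks installed by one resident
    kernel module cluster within a few KB; a wide spread suggests several."""
    addrs = {a for s in t.hook_targets.values() for a in s}
    return (min(addrs), max(addrs)) if addrs else (0, 0)


def summarize(t: Triage) -> list:
    """Turn parsed facts into findings a responder can act on."""
    findings = []
    for name, path, start in t.hidden_services:
        reg = t.image_paths.get(name)
        basename = path.split("\\")[-1].lower()
        confirmed = " (registry ImagePath confirms it)" if reg and reg.lower().endswith(basename) else ""
        findings.append(f"hidden {start} driver service '{name}' -> {path}{confirmed}")
    for path, proc, pid in t.hidden_libraries:
        findings.append(f"hidden DLL {path} mapped into {proc} [{pid}]")
    if t.hook_targets:
        lo, hi = hook_address_span(t)
        procs = sorted({p for p, _, _ in t.hooked_threads})
        findings.append(f"{len(t.hook_targets)} Zw* services hooked at 0x{lo:08X}-0x{hi:08X} "
                        f"in threads of {', '.join(procs)}")
        # Hooks on these primitives are consistent with scanners that start
        # and then silently do nothing, as described earlier in the thread.
        tamper = sorted(f for f in t.hook_targets if f in TAMPER_FUNCS)
        if tamper:
            findings.append("process/thread-tampering hooks: " + ", ".join(tamper))
    t.findings = findings
    return findings


# Sample input: lines copied from the GMER log above (constructed subset).
SAMPLE_LOG = r"""
Thread svchost.exe [2364:2368] SSDT 0x8A7578B8 != 0x8050131C

SSDT 00000B8A svchost.exe [2364.2368] ZwOpenProcess [0x897D0F1F]
SSDT 00000B8A svchost.exe [2364.2368] ZwQuerySystemInformation [0x897D0E19]
SSDT 00000B8A svchost.exe [2364.2368] ZwTerminateThread [0x897D108C]
SSDT 00000B8A svchost.exe [2364.2368] ZwWriteVirtualMemory [0x897D171B]
Library \\?\globalroot\systemroot\system32\UACedyrsvskgo.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [2364] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\kbiwkmyiooxljg.sys (*** hidden *** ) [SYSTEM] kbiwkmjtunaoro <-- ROOTKIT !!!
Service C:\windows\system32\drivers\ndhgcng.sys (*** hidden *** ) [AUTO] rjbdive <-- ROOTKIT !!!
Service C:\windows\system32\drivers\UACtttkdtqmsx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmjtunaoro@imagepath \systemroot\system32\drivers\kbiwkmyiooxljg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\rjbdive@ImagePath \??\C:\windows\system32\drivers\ndhgcng.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtttkdtqmsx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtttkdtqmsx.sys
"""

if __name__ == "__main__":
    for line in summarize(parse(SAMPLE_LOG)):
        print(line)
```

The cross-check between the hidden `Service` lines and the `@imagepath` registry values is the useful part: a hidden driver whose ImagePath is also present in the active ControlSet is a persistence entry, not a transient artefact, and every hook address in the sample falls inside one small range, which points at a single resident driver rather than several.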
    Blade81
    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
    Dravi
    If we could clean it that would be nice. I kinda figured it was pretty screwed over.

    I would rather not re-format as it's quite an old install and I know I would never get all of the information from it that I would want/need. I would inevitably end up thinking in a week... oh crap, I can't access this or that anymore now.

    If we could clean it that would be much better.
    Blade81
    Ok. Before we begin the cleaning attempt, I want to warn you about P2P. Downloads from P2P networks are one of the biggest infection sources. My recommendation is to uninstall all P2P clients like uTorrent installed there.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Dravi
    Ok will do that asap, having some problems with that machine and getting online so posting this from a different machine.

    For uTorrent, it's not a tool I use very often but it is good for getting large updates to games like WoW and the recent Aion Beta release which was done by torrent. I don't really do P2P as I tend to prefer Usenet.
    Dravi
    Unfortunately ComboFix is behaving like HJT and the others... nothing is happening, I can see it there in processes, but it is using no CPU power and has a static 3.5k memory usage.

    This happens whether I drag the bundle I downloaded to install the recovery console or if I just double-click on ComboFix.exe
    Blade81
    Hi,

    Rename ComboFix to dravi.exe and try to run it after that.
    Dravi
    That didn't work.

    I think I will try to install Ubuntu (Linux); I've been meaning to get a system with some sort of Linux on it. Hoping that it will wipe out (format) C but leave my other partitions safe so I can still access the files there.

    We will see.

    But thank you very much for your time and expertise, freely given, and for the advice. I think I will take the advice about formatting :)
    Blade81
    Yes. The system is pretty badly infected and so a reformat is a sensible option.
    Blade81
    Due to lack of feedback, this topic has been closed.

    If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

    Everyone else please begin a New Topic.

    Thank You !
    Invision Power Board © 2001-2010 Invision Power Services, Inc.