
Malwarebytes "Rootkit.Agent"


  • This topic is locked
47 replies to this topic

#1 jnh2opolo5


Posted 25 October 2010 - 05:28 PM

Hi, I'm Josh!

I'm pretty sure it's a rootkit. Recently I became suspicious that I was hacked when I tried logging into Facebook and found that someone had attempted to access my account from a suspicious location (somewhere in Brazil?!?). Anyway, I had to reset all my passwords and did the same for my email account. I ran Malwarebytes and it first found some of the usual suspects, deleted and quarantined all, but had to delete on reboot one file named C:\Windows\system32\Drivers\str.sys (Rootkit.Agent). However, when the reboot starts I get forced into Windows system startup repair. Only one boot process is typically found, called c:\windows\system32\drivers\oopuhnpkpjv.sys, and it is said to be corrupted? Also typical of my computer is for the Blue Crash Screen to pop up often (usually when I try to search for the allegedly corrupted files; I will include a picture of the most recent in an attachment). It usually reads "PAGE_FAULT_IN_NONPAGED_AREA".


I have tried to fix this issue on my own and had read extensively into the forums before this post to try and fix the problem myself. I figure that you guys are very busy. But it's getting kinda annoying now. In an attempt on my own I tried running ComboFix and it did find the following under Hidden files:

c:\windows\system32\drivers\oopuhnpkpjv.sys 69504 bytes executable

c:\windows\system32\drivers\str.sys 172064 bytes



However, when I rescanned my hard drive with Malwarebytes, the Rootkit.Agent file is still present?

Any help you may be able to provide is much appreciated!



The following are the logs of Malwarebytes (scanned on Oct/25/2010), "Posted/Attached" DDS (scanned on Oct/25/2010), "Attached" GMER (scanned on Oct/25/2010).

I will also post the ComboFix Log in attachment.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4941

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/25/2010 12:38:06 PM
mbam-log-2010-10-25 (12-38-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 299882
Time elapsed: 2 hour(s), 8 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\str.sys (Rootkit.Agent) -> Not selected for removal.



DDS.TXT LOG


DDS (Ver_10-10-21.02) - NTFSx86
Run by Josh at 14:31:10.41 on Mon 10/25/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1823 [GMT -7:00]


SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.computers.us.fujitsu.com/
uInternet Settings,ProxyServer = http=127.0.0.1:51923
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll


============= SERVICES / DRIVERS ===============

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-11-21 8960]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-2 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-11 35456]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091216.001\IDSvix86.sys [2009-12-17 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 FJVBCtrl;FJVBCtrl;c:\program files\fujitsu\fujitsu hotkey utility\FJVBCtrl.sys [2007-2-16 12848]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\fjdvrupd\updnvsrv.exe [2007-1-27 11776]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-11-21 5632]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-3 48688]
S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\advntdrv.sys [2008-9-24 3872]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 USBAVCap;AVerMedia USB TV Tuner Device;c:\windows\system32\drivers\USBAVCap.sys [2007-11-21 829696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]


=============== Created Last 30 ================

2010-10-25 20:41:01 -------- d-----w- c:\progra~2\AVG10
2010-10-25 20:19:07 -------- d-----w- c:\program files\AVG
2010-10-25 20:07:18 -------- d-----w- c:\progra~2\MFAData
2010-10-24 10:28:51 -------- d-----w- c:\users\josh\appdata\roaming\SUPERAntiSpyware.com
2010-10-24 01:44:17 -------- d-----w- C:\ComboFix(1)
2010-10-24 01:32:17 -------- d-s---w- C:\ComboFix
2010-10-23 23:59:04 -------- d-----w- c:\program files\iPod
2010-10-22 22:05:36 -------- d-----w- c:\program files\iPod(49)
2010-10-20 04:03:53 -------- d-----w- c:\program files\iPod(3)
2010-10-19 21:33:02 469256 ----a-w- c:\program files\common files\windows live\.cache\338288731cb6fd52b\InstallManager_WLE_WLE.exe
2010-10-19 21:32:14 15712 ----a-w- c:\program files\common files\windows live\.cache\1778a5631cb6fd51f\MeshBetaRemover.exe
2010-10-19 21:31:35 94040 ----a-w- c:\program files\common files\windows live\.cache\ff9169f31cb6fd418\DSETUP.dll
2010-10-19 21:31:35 525656 ----a-w- c:\program files\common files\windows live\.cache\ff9169f31cb6fd418\DXSETUP.exe
2010-10-19 21:31:35 1691480 ----a-w- c:\program files\common files\windows live\.cache\ff9169f31cb6fd418\dsetup32.dll
2010-10-19 21:31:31 94040 ----a-w- c:\program files\common files\windows live\.cache\fdf741f31cb6fd417\DSETUP.dll
2010-10-19 21:31:31 525656 ----a-w- c:\program files\common files\windows live\.cache\fdf741f31cb6fd417\DXSETUP.exe
2010-10-19 21:31:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\fdf741f31cb6fd417\dsetup32.dll
2010-10-19 21:29:42 -------- d-----w- c:\users\josh\appdata\local\Windows Live
2010-10-19 21:26:25 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-17 07:01:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-17 07:01:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-17 07:00:52 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-17 07:00:52 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-17 07:00:52 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-17 07:00:52 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-17 07:00:52 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-17 06:57:55 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-17 06:57:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-17 06:57:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-17 06:57:17 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-17 06:56:55 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-17 06:56:53 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 06:48:17 -------- d-----w- c:\program files\TuneUpMedia
2010-10-13 06:47:11 -------- d-----w- c:\users\josh\appdata\roaming\TuneUpMedia
2010-10-13 06:46:07 -------- d-----w- c:\progra~2\TuneUpMedia
2010-10-11 07:53:50 -------- d-----w- C:\_OTL
2010-10-11 03:18:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 03:18:19 423656 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-08 04:12:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-08 03:06:21 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 20:22:29 -------- d-----w- c:\program files\iPod(1)


==================== Find3M ====================

2010-09-15 03:50:30 47104 ---ha-w- c:\windows\system32\NETS_isv.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe


============= FINISH: 14:31:39.95 ===============


#2 jnh2opolo5


Posted 25 October 2010 - 05:54 PM

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-25 15:15:58
Windows 6.0.6002 Service Pack 2
Running: download[1].exe; Driver: C:\Users\Josh\AppData\Local\Temp\uwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT 88A73ED8 ZwAlpcConnectPort
SSDT 88B892D0 ZwCreateThread
SSDT 88A73C78 ZwLoadDriver
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwOpenProcess [0xC6C56780]
SSDT 88B21980 ZwResumeThread
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateProcess [0xC6C56830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateThread [0xC6C568D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwWriteVirtualMemory [0xC6C56970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckOplock + 24E 82A87D5A 6 Bytes PUSH 86556221; RET
.text ntkrnlpa.exe!ZwQueryLicenseValue + 896 82A9693A 4 Bytes CALL 86556226
.text ntkrnlpa.exe!KeSetEvent + 13D 82AF88A0 4 Bytes [D8, 3E, A7, 88]
.text ntkrnlpa.exe!KeSetEvent + 221 82AF8984 4 Bytes [D0, 92, B8, 88]
.text ntkrnlpa.exe!KeSetEvent + 37D 82AF8AE0 4 Bytes [78, 3C, A7, 88]
.text ntkrnlpa.exe!KeSetEvent + 3F1 82AF8B54 4 Bytes [80, 67, C5, C6] {AND BYTE [EDI-0x3b], 0xc6}
.text ntkrnlpa.exe!KeSetEvent + 551 82AF8CB4 4 Bytes [80, 19, B2, 88]
.text ...
? system32\DRIVERS\avgrkx86.sys The system cannot find the path specified. !
? system32\DRIVERS\avgtdix.sys The system cannot find the path specified. !
? system32\DRIVERS\AVGIDSShim.Sys The system cannot find the path specified. !
? system32\DRIVERS\AVGIDSEH.Sys The system cannot find the path specified. !
? system32\DRIVERS\AVGIDSFilter.Sys The system cannot find the path specified. !
? system32\DRIVERS\AVGIDSDriver.Sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogParamW 759272A2 5 Bytes JMP 6DB7DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!GetAsyncKeyState 7592863C 5 Bytes JMP 6DA98F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetWindowsHookExW 759287AD 5 Bytes JMP 6DB79AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CallNextHookEx 75928E3B 5 Bytes JMP 6DB6D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!UnhookWindowsHookEx 759298DB 5 Bytes JMP 6DAE4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!EnableWindow 7592CD8B 5 Bytes JMP 6DB7DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateWindowExW 75931305 5 Bytes JMP 6DB7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!GetKeyState 75938CB1 5 Bytes JMP 6DB7D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!IsDialogMessageW 75940745 5 Bytes JMP 6DAA5A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogParamA 759417AA 5 Bytes JMP 6DC75C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!IsDialogMessage 75941847 5 Bytes JMP 6DC7552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogIndirectParamA 759426F1 5 Bytes JMP 6DC75CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogIndirectParamW 75949A62 5 Bytes JMP 6DC75D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetKeyboardState 75950987 5 Bytes JMP 6DC7589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 759510B0 5 Bytes JMP 6DAA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamW 75952EF5 5 Bytes JMP 6DC75027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SendInput 75952F75 5 Bytes JMP 6DC7645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!EndDialog 7595326E 5 Bytes JMP 6DAA7EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetCursorPos 75966FB2 5 Bytes JMP 6DC764AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamA 75968152 5 Bytes JMP 6DC74FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamA 7596847D 5 Bytes JMP 6DC7508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectA 7597D4D9 5 Bytes JMP 6DC74F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 7597D5D3 5 Bytes JMP 6DC74EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExA 7597D639 5 Bytes JMP 6DC74E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExW 7597D65D 5 Bytes JMP 6DC74E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!keybd_event 7597D972 5 Bytes JMP 6DC767DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] SHELL32.dll!SHRestricted + D95 760889A8 4 Bytes [4D, 30, FC, 6E] {DEC EBP; XOR AH, BH; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] SHELL32.dll!SHRestricted + D9D 760889B0 8 Bytes [57, 2F, FC, 6E, 9C, 5B, FB, ...] {PUSH EDI; DAS ; CLD ; OUTSB ; PUSHF ; POP EBX; STI ; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!OleLoadFromStream 75A31E80 5 Bytes JMP 6DC7538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!CoCreateInstance 75A69F3E 5 Bytes JMP 6DB7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!CreateWindowExW 75931305 5 Bytes JMP 6DB7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!DialogBoxParamW 759510B0 5 Bytes JMP 6DAA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!DialogBoxIndirectParamW 75952EF5 5 Bytes JMP 6DC75027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!DialogBoxParamA 75968152 5 Bytes JMP 6DC74FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!DialogBoxIndirectParamA 7596847D 5 Bytes JMP 6DC7508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!MessageBoxIndirectA 7597D4D9 5 Bytes JMP 6DC74F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!MessageBoxIndirectW 7597D5D3 5 Bytes JMP 6DC74EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!MessageBoxExA 7597D639 5 Bytes JMP 6DC74E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5048] USER32.dll!MessageBoxExW 7597D65D 5 Bytes JMP 6DC74E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CreateDialogParamW 759272A2 5 Bytes JMP 6DB7DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!GetAsyncKeyState 7592863C 5 Bytes JMP 6DA98F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!SetWindowsHookExW 759287AD 5 Bytes JMP 6DB79AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CallNextHookEx 75928E3B 5 Bytes JMP 6DB6D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!UnhookWindowsHookEx 759298DB 5 Bytes JMP 6DAE4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!EnableWindow 7592CD8B 5 Bytes JMP 6DB7DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CreateWindowExW 75931305 5 Bytes JMP 6DB7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!GetKeyState 75938CB1 5 Bytes JMP 6DB7D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!IsDialogMessageW 75940745 5 Bytes JMP 6DAA5A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CreateDialogParamA 759417AA 5 Bytes JMP 6DC75C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!IsDialogMessage 75941847 5 Bytes JMP 6DC7552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CreateDialogIndirectParamA 759426F1 5 Bytes JMP 6DC75CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!CreateDialogIndirectParamW 75949A62 5 Bytes JMP 6DC75D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!SetKeyboardState 75950987 5 Bytes JMP 6DC7589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!DialogBoxParamW 759510B0 5 Bytes JMP 6DAA54F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!DialogBoxIndirectParamW 75952EF5 5 Bytes JMP 6DC75027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!SendInput 75952F75 5 Bytes JMP 6DC7645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!EndDialog 7595326E 5 Bytes JMP 6DAA7EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!SetCursorPos 75966FB2 5 Bytes JMP 6DC764AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!DialogBoxParamA 75968152 5 Bytes JMP 6DC74FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!DialogBoxIndirectParamA 7596847D 5 Bytes JMP 6DC7508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!MessageBoxIndirectA 7597D4D9 5 Bytes JMP 6DC74F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!MessageBoxIndirectW 7597D5D3 5 Bytes JMP 6DC74EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!MessageBoxExA 7597D639 5 Bytes JMP 6DC74E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!MessageBoxExW 7597D65D 5 Bytes JMP 6DC74E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] USER32.dll!keybd_event 7597D972 5 Bytes JMP 6DC767DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] SHELL32.dll!SHRestricted + D95 760889A8 4 Bytes [4D, 30, FC, 6E] {DEC EBP; XOR AH, BH; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] SHELL32.dll!SHRestricted + D9D 760889B0 8 Bytes [57, 2F, FC, 6E, 9C, 5B, FB, ...] {PUSH EDI; DAS ; CLD ; OUTSB ; PUSHF ; POP EBX; STI ; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] ole32.dll!OleLoadFromStream 75A31E80 5 Bytes JMP 6DC7538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7912] ole32.dll!CoCreateInstance 75A69F3E 5 Bytes JMP 6DB7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:188] 8655477D
Thread System [4:192] 865548BB
Thread System [4:648] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.648] ZwAlpcConnectPort
SSDT 88B892D0 System [4.648] ZwCreateThread
SSDT 86557146 System [4.648] ZwDeleteValueKey
SSDT 86556DDE System [4.648] ZwEnumerateKey
SSDT 86556EF7 System [4.648] ZwEnumerateValueKey
SSDT 88A73C78 System [4.648] ZwLoadDriver
SSDT 86556D14 System [4.648] ZwOpenKey
SSDT 86556A4E System [4.648] ZwOpenProcess
SSDT 86556AD6 System [4.648] ZwOpenThread
SSDT 8655738B System [4.648] ZwProtectVirtualMemory
SSDT 86557562 System [4.648] ZwQueryDirectoryFile
SSDT 865568FB System [4.648] ZwQuerySystemInformation
SSDT 8655729F System [4.648] ZwReadVirtualMemory
SSDT 88B21980 System [4.648] ZwResumeThread
SSDT 86556CA1 System [4.648] ZwSetContextThread
SSDT 86557034 System [4.648] ZwSetValueKey
SSDT 86554C9F System [4.648] ZwShutdownSystem
SSDT 86556C2E System [4.648] ZwSuspendThread
SSDT 86556BBB System [4.648] ZwTerminateThread
SSDT 86557315 System [4.648] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:652] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.652] ZwAlpcConnectPort
SSDT 88B892D0 System [4.652] ZwCreateThread
SSDT 86557146 System [4.652] ZwDeleteValueKey
SSDT 86556DDE System [4.652] ZwEnumerateKey
SSDT 86556EF7 System [4.652] ZwEnumerateValueKey
SSDT 88A73C78 System [4.652] ZwLoadDriver
SSDT 86556D14 System [4.652] ZwOpenKey
SSDT 86556A4E System [4.652] ZwOpenProcess
SSDT 86556AD6 System [4.652] ZwOpenThread
SSDT 8655738B System [4.652] ZwProtectVirtualMemory
SSDT 86557562 System [4.652] ZwQueryDirectoryFile
SSDT 865568FB System [4.652] ZwQuerySystemInformation
SSDT 8655729F System [4.652] ZwReadVirtualMemory
SSDT 88B21980 System [4.652] ZwResumeThread
SSDT 86556CA1 System [4.652] ZwSetContextThread
SSDT 86557034 System [4.652] ZwSetValueKey
SSDT 86554C9F System [4.652] ZwShutdownSystem
SSDT 86556C2E System [4.652] ZwSuspendThread
SSDT 86556BBB System [4.652] ZwTerminateThread
SSDT 86557315 System [4.652] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:656] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.656] ZwAlpcConnectPort
SSDT 88B892D0 System [4.656] ZwCreateThread
SSDT 86557146 System [4.656] ZwDeleteValueKey
SSDT 86556DDE System [4.656] ZwEnumerateKey
SSDT 86556EF7 System [4.656] ZwEnumerateValueKey
SSDT 88A73C78 System [4.656] ZwLoadDriver
SSDT 86556D14 System [4.656] ZwOpenKey
SSDT 86556A4E System [4.656] ZwOpenProcess
SSDT 86556AD6 System [4.656] ZwOpenThread
SSDT 8655738B System [4.656] ZwProtectVirtualMemory
SSDT 86557562 System [4.656] ZwQueryDirectoryFile
SSDT 865568FB System [4.656] ZwQuerySystemInformation
SSDT 8655729F System [4.656] ZwReadVirtualMemory
SSDT 88B21980 System [4.656] ZwResumeThread
SSDT 86556CA1 System [4.656] ZwSetContextThread
SSDT 86557034 System [4.656] ZwSetValueKey
SSDT 86554C9F System [4.656] ZwShutdownSystem
SSDT 86556C2E System [4.656] ZwSuspendThread
SSDT 86556BBB System [4.656] ZwTerminateThread
SSDT 86557315 System [4.656] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:660] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.660] ZwAlpcConnectPort
SSDT 88B892D0 System [4.660] ZwCreateThread
SSDT 86557146 System [4.660] ZwDeleteValueKey
SSDT 86556DDE System [4.660] ZwEnumerateKey
SSDT 86556EF7 System [4.660] ZwEnumerateValueKey
SSDT 88A73C78 System [4.660] ZwLoadDriver
SSDT 86556D14 System [4.660] ZwOpenKey
SSDT 86556A4E System [4.660] ZwOpenProcess
SSDT 86556AD6 System [4.660] ZwOpenThread
SSDT 8655738B System [4.660] ZwProtectVirtualMemory
SSDT 86557562 System [4.660] ZwQueryDirectoryFile
SSDT 865568FB System [4.660] ZwQuerySystemInformation
SSDT 8655729F System [4.660] ZwReadVirtualMemory
SSDT 88B21980 System [4.660] ZwResumeThread
SSDT 86556CA1 System [4.660] ZwSetContextThread
SSDT 86557034 System [4.660] ZwSetValueKey
SSDT 86554C9F System [4.660] ZwShutdownSystem
SSDT 86556C2E System [4.660] ZwSuspendThread
SSDT 86556BBB System [4.660] ZwTerminateThread
SSDT 86557315 System [4.660] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:740] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.740] ZwAlpcConnectPort
SSDT 88B892D0 System [4.740] ZwCreateThread
SSDT 86557146 System [4.740] ZwDeleteValueKey
SSDT 86556DDE System [4.740] ZwEnumerateKey
SSDT 86556EF7 System [4.740] ZwEnumerateValueKey
SSDT 88A73C78 System [4.740] ZwLoadDriver
SSDT 86556D14 System [4.740] ZwOpenKey
SSDT 86556A4E System [4.740] ZwOpenProcess
SSDT 86556AD6 System [4.740] ZwOpenThread
SSDT 8655738B System [4.740] ZwProtectVirtualMemory
SSDT 86557562 System [4.740] ZwQueryDirectoryFile
SSDT 865568FB System [4.740] ZwQuerySystemInformation
SSDT 8655729F System [4.740] ZwReadVirtualMemory
SSDT 88B21980 System [4.740] ZwResumeThread
SSDT 86556CA1 System [4.740] ZwSetContextThread
SSDT 86557034 System [4.740] ZwSetValueKey
SSDT 86554C9F System [4.740] ZwShutdownSystem
SSDT 86556C2E System [4.740] ZwSuspendThread
SSDT 86556BBB System [4.740] ZwTerminateThread
SSDT 86557315 System [4.740] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:820] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.820] ZwAlpcConnectPort
SSDT 88B892D0 System [4.820] ZwCreateThread
SSDT 86557146 System [4.820] ZwDeleteValueKey
SSDT 86556DDE System [4.820] ZwEnumerateKey
SSDT 86556EF7 System [4.820] ZwEnumerateValueKey
SSDT 88A73C78 System [4.820] ZwLoadDriver
SSDT 86556D14 System [4.820] ZwOpenKey
SSDT 86556A4E System [4.820] ZwOpenProcess
SSDT 86556AD6 System [4.820] ZwOpenThread
SSDT 8655738B System [4.820] ZwProtectVirtualMemory
SSDT 86557562 System [4.820] ZwQueryDirectoryFile
SSDT 865568FB System [4.820] ZwQuerySystemInformation
SSDT 8655729F System [4.820] ZwReadVirtualMemory
SSDT 88B21980 System [4.820] ZwResumeThread
SSDT 86556CA1 System [4.820] ZwSetContextThread
SSDT 86557034 System [4.820] ZwSetValueKey
SSDT 86554C9F System [4.820] ZwShutdownSystem
SSDT 86556C2E System [4.820] ZwSuspendThread
SSDT 86556BBB System [4.820] ZwTerminateThread
SSDT 86557315 System [4.820] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:1032] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.1032] ZwAlpcConnectPort
SSDT 88B892D0 System [4.1032] ZwCreateThread
SSDT 86557146 System [4.1032] ZwDeleteValueKey
SSDT 86556DDE System [4.1032] ZwEnumerateKey
SSDT 86556EF7 System [4.1032] ZwEnumerateValueKey
SSDT 88A73C78 System [4.1032] ZwLoadDriver
SSDT 86556D14 System [4.1032] ZwOpenKey
SSDT 86556A4E System [4.1032] ZwOpenProcess
SSDT 86556AD6 System [4.1032] ZwOpenThread
SSDT 8655738B System [4.1032] ZwProtectVirtualMemory
SSDT 86557562 System [4.1032] ZwQueryDirectoryFile
SSDT 865568FB System [4.1032] ZwQuerySystemInformation
SSDT 8655729F System [4.1032] ZwReadVirtualMemory
SSDT 88B21980 System [4.1032] ZwResumeThread
SSDT 86556CA1 System [4.1032] ZwSetContextThread
SSDT 86557034 System [4.1032] ZwSetValueKey
SSDT 86554C9F System [4.1032] ZwShutdownSystem
SSDT 86556C2E System [4.1032] ZwSuspendThread
SSDT 86556BBB System [4.1032] ZwTerminateThread
SSDT 86557315 System [4.1032] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:1628] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.1628] ZwAlpcConnectPort
SSDT 88B892D0 System [4.1628] ZwCreateThread
SSDT 86557146 System [4.1628] ZwDeleteValueKey
SSDT 86556DDE System [4.1628] ZwEnumerateKey
SSDT 86556EF7 System [4.1628] ZwEnumerateValueKey
SSDT 88A73C78 System [4.1628] ZwLoadDriver
SSDT 86556D14 System [4.1628] ZwOpenKey
SSDT 86556A4E System [4.1628] ZwOpenProcess
SSDT 86556AD6 System [4.1628] ZwOpenThread
SSDT 8655738B System [4.1628] ZwProtectVirtualMemory
SSDT 86557562 System [4.1628] ZwQueryDirectoryFile
SSDT 865568FB System [4.1628] ZwQuerySystemInformation
SSDT 8655729F System [4.1628] ZwReadVirtualMemory
SSDT 88B21980 System [4.1628] ZwResumeThread
SSDT 86556CA1 System [4.1628] ZwSetContextThread
SSDT 86557034 System [4.1628] ZwSetValueKey
SSDT 86554C9F System [4.1628] ZwShutdownSystem
SSDT 86556C2E System [4.1628] ZwSuspendThread
SSDT 86556BBB System [4.1628] ZwTerminateThread
SSDT 86557315 System [4.1628] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:1676] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.1676] ZwAlpcConnectPort
SSDT 88B892D0 System [4.1676] ZwCreateThread
SSDT 86557146 System [4.1676] ZwDeleteValueKey
SSDT 86556DDE System [4.1676] ZwEnumerateKey
SSDT 86556EF7 System [4.1676] ZwEnumerateValueKey
SSDT 88A73C78 System [4.1676] ZwLoadDriver
SSDT 86556D14 System [4.1676] ZwOpenKey
SSDT 86556A4E System [4.1676] ZwOpenProcess
SSDT 86556AD6 System [4.1676] ZwOpenThread
SSDT 8655738B System [4.1676] ZwProtectVirtualMemory
SSDT 86557562 System [4.1676] ZwQueryDirectoryFile
SSDT 865568FB System [4.1676] ZwQuerySystemInformation
SSDT 8655729F System [4.1676] ZwReadVirtualMemory
SSDT 88B21980 System [4.1676] ZwResumeThread
SSDT 86556CA1 System [4.1676] ZwSetContextThread
SSDT 86557034 System [4.1676] ZwSetValueKey
SSDT 86554C9F System [4.1676] ZwShutdownSystem
SSDT 86556C2E System [4.1676] ZwSuspendThread
SSDT 86556BBB System [4.1676] ZwTerminateThread
SSDT 86557315 System [4.1676] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2000] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2000] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2000] ZwCreateThread
SSDT 86557146 System [4.2000] ZwDeleteValueKey
SSDT 86556DDE System [4.2000] ZwEnumerateKey
SSDT 86556EF7 System [4.2000] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2000] ZwLoadDriver
SSDT 86556D14 System [4.2000] ZwOpenKey
SSDT 86556A4E System [4.2000] ZwOpenProcess
SSDT 86556AD6 System [4.2000] ZwOpenThread
SSDT 8655738B System [4.2000] ZwProtectVirtualMemory
SSDT 86557562 System [4.2000] ZwQueryDirectoryFile
SSDT 865568FB System [4.2000] ZwQuerySystemInformation
SSDT 8655729F System [4.2000] ZwReadVirtualMemory
SSDT 88B21980 System [4.2000] ZwResumeThread
SSDT 86556CA1 System [4.2000] ZwSetContextThread
SSDT 86557034 System [4.2000] ZwSetValueKey
SSDT 86554C9F System [4.2000] ZwShutdownSystem
SSDT 86556C2E System [4.2000] ZwSuspendThread
SSDT 86556BBB System [4.2000] ZwTerminateThread
SSDT 86557315 System [4.2000] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2004] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2004] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2004] ZwCreateThread
SSDT 86557146 System [4.2004] ZwDeleteValueKey
SSDT 86556DDE System [4.2004] ZwEnumerateKey
SSDT 86556EF7 System [4.2004] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2004] ZwLoadDriver
SSDT 86556D14 System [4.2004] ZwOpenKey
SSDT 86556A4E System [4.2004] ZwOpenProcess
SSDT 86556AD6 System [4.2004] ZwOpenThread
SSDT 8655738B System [4.2004] ZwProtectVirtualMemory
SSDT 86557562 System [4.2004] ZwQueryDirectoryFile
SSDT 865568FB System [4.2004] ZwQuerySystemInformation
SSDT 8655729F System [4.2004] ZwReadVirtualMemory
SSDT 88B21980 System [4.2004] ZwResumeThread
SSDT 86556CA1 System [4.2004] ZwSetContextThread
SSDT 86557034 System [4.2004] ZwSetValueKey
SSDT 86554C9F System [4.2004] ZwShutdownSystem
SSDT 86556C2E System [4.2004] ZwSuspendThread
SSDT 86556BBB System [4.2004] ZwTerminateThread
SSDT 86557315 System [4.2004] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2008] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2008] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2008] ZwCreateThread
SSDT 86557146 System [4.2008] ZwDeleteValueKey
SSDT 86556DDE System [4.2008] ZwEnumerateKey
SSDT 86556EF7 System [4.2008] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2008] ZwLoadDriver
SSDT 86556D14 System [4.2008] ZwOpenKey
SSDT 86556A4E System [4.2008] ZwOpenProcess
SSDT 86556AD6 System [4.2008] ZwOpenThread
SSDT 8655738B System [4.2008] ZwProtectVirtualMemory
SSDT 86557562 System [4.2008] ZwQueryDirectoryFile
SSDT 865568FB System [4.2008] ZwQuerySystemInformation
SSDT 8655729F System [4.2008] ZwReadVirtualMemory
SSDT 88B21980 System [4.2008] ZwResumeThread
SSDT 86556CA1 System [4.2008] ZwSetContextThread
SSDT 86557034 System [4.2008] ZwSetValueKey
SSDT 86554C9F System [4.2008] ZwShutdownSystem
SSDT 86556C2E System [4.2008] ZwSuspendThread
SSDT 86556BBB System [4.2008] ZwTerminateThread
SSDT 86557315 System [4.2008] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2012] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2012] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2012] ZwCreateThread
SSDT 86557146 System [4.2012] ZwDeleteValueKey
SSDT 86556DDE System [4.2012] ZwEnumerateKey
SSDT 86556EF7 System [4.2012] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2012] ZwLoadDriver
SSDT 86556D14 System [4.2012] ZwOpenKey
SSDT 86556A4E System [4.2012] ZwOpenProcess
SSDT 86556AD6 System [4.2012] ZwOpenThread
SSDT 8655738B System [4.2012] ZwProtectVirtualMemory
SSDT 86557562 System [4.2012] ZwQueryDirectoryFile
SSDT 865568FB System [4.2012] ZwQuerySystemInformation
SSDT 8655729F System [4.2012] ZwReadVirtualMemory
SSDT 88B21980 System [4.2012] ZwResumeThread
SSDT 86556CA1 System [4.2012] ZwSetContextThread
SSDT 86557034 System [4.2012] ZwSetValueKey
SSDT 86554C9F System [4.2012] ZwShutdownSystem
SSDT 86556C2E System [4.2012] ZwSuspendThread
SSDT 86556BBB System [4.2012] ZwTerminateThread
SSDT 86557315 System [4.2012] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2016] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2016] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2016] ZwCreateThread
SSDT 86557146 System [4.2016] ZwDeleteValueKey
SSDT 86556DDE System [4.2016] ZwEnumerateKey
SSDT 86556EF7 System [4.2016] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2016] ZwLoadDriver
SSDT 86556D14 System [4.2016] ZwOpenKey
SSDT 86556A4E System [4.2016] ZwOpenProcess
SSDT 86556AD6 System [4.2016] ZwOpenThread
SSDT 8655738B System [4.2016] ZwProtectVirtualMemory
SSDT 86557562 System [4.2016] ZwQueryDirectoryFile
SSDT 865568FB System [4.2016] ZwQuerySystemInformation
SSDT 8655729F System [4.2016] ZwReadVirtualMemory
SSDT 88B21980 System [4.2016] ZwResumeThread
SSDT 86556CA1 System [4.2016] ZwSetContextThread
SSDT 86557034 System [4.2016] ZwSetValueKey
SSDT 86554C9F System [4.2016] ZwShutdownSystem
SSDT 86556C2E System [4.2016] ZwSuspendThread
SSDT 86556BBB System [4.2016] ZwTerminateThread
SSDT 86557315 System [4.2016] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2020] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2020] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2020] ZwCreateThread
SSDT 86557146 System [4.2020] ZwDeleteValueKey
SSDT 86556DDE System [4.2020] ZwEnumerateKey
SSDT 86556EF7 System [4.2020] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2020] ZwLoadDriver
SSDT 86556D14 System [4.2020] ZwOpenKey
SSDT 86556A4E System [4.2020] ZwOpenProcess
SSDT 86556AD6 System [4.2020] ZwOpenThread
SSDT 8655738B System [4.2020] ZwProtectVirtualMemory
SSDT 86557562 System [4.2020] ZwQueryDirectoryFile
SSDT 865568FB System [4.2020] ZwQuerySystemInformation
SSDT 8655729F System [4.2020] ZwReadVirtualMemory
SSDT 88B21980 System [4.2020] ZwResumeThread
SSDT 86556CA1 System [4.2020] ZwSetContextThread
SSDT 86557034 System [4.2020] ZwSetValueKey
SSDT 86554C9F System [4.2020] ZwShutdownSystem
SSDT 86556C2E System [4.2020] ZwSuspendThread
SSDT 86556BBB System [4.2020] ZwTerminateThread
SSDT 86557315 System [4.2020] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2024] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2024] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2024] ZwCreateThread
SSDT 86557146 System [4.2024] ZwDeleteValueKey
SSDT 86556DDE System [4.2024] ZwEnumerateKey
SSDT 86556EF7 System [4.2024] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2024] ZwLoadDriver
SSDT 86556D14 System [4.2024] ZwOpenKey
SSDT 86556A4E System [4.2024] ZwOpenProcess
SSDT 86556AD6 System [4.2024] ZwOpenThread
SSDT 8655738B System [4.2024] ZwProtectVirtualMemory
SSDT 86557562 System [4.2024] ZwQueryDirectoryFile
SSDT 865568FB System [4.2024] ZwQuerySystemInformation
SSDT 8655729F System [4.2024] ZwReadVirtualMemory
SSDT 88B21980 System [4.2024] ZwResumeThread
SSDT 86556CA1 System [4.2024] ZwSetContextThread
SSDT 86557034 System [4.2024] ZwSetValueKey
SSDT 86554C9F System [4.2024] ZwShutdownSystem
SSDT 86556C2E System [4.2024] ZwSuspendThread
SSDT 86556BBB System [4.2024] ZwTerminateThread
SSDT 86557315 System [4.2024] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2028] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2028] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2028] ZwCreateThread
SSDT 86557146 System [4.2028] ZwDeleteValueKey
SSDT 86556DDE System [4.2028] ZwEnumerateKey
SSDT 86556EF7 System [4.2028] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2028] ZwLoadDriver
SSDT 86556D14 System [4.2028] ZwOpenKey
SSDT 86556A4E System [4.2028] ZwOpenProcess
SSDT 86556AD6 System [4.2028] ZwOpenThread
SSDT 8655738B System [4.2028] ZwProtectVirtualMemory
SSDT 86557562 System [4.2028] ZwQueryDirectoryFile
SSDT 865568FB System [4.2028] ZwQuerySystemInformation
SSDT 8655729F System [4.2028] ZwReadVirtualMemory
SSDT 88B21980 System [4.2028] ZwResumeThread
SSDT 86556CA1 System [4.2028] ZwSetContextThread
SSDT 86557034 System [4.2028] ZwSetValueKey
SSDT 86554C9F System [4.2028] ZwShutdownSystem
SSDT 86556C2E System [4.2028] ZwSuspendThread
SSDT 86556BBB System [4.2028] ZwTerminateThread
SSDT 86557315 System [4.2028] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2032] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2032] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2032] ZwCreateThread
SSDT 86557146 System [4.2032] ZwDeleteValueKey
SSDT 86556DDE System [4.2032] ZwEnumerateKey
SSDT 86556EF7 System [4.2032] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2032] ZwLoadDriver
SSDT 86556D14 System [4.2032] ZwOpenKey
SSDT 86556A4E System [4.2032] ZwOpenProcess
SSDT 86556AD6 System [4.2032] ZwOpenThread
SSDT 8655738B System [4.2032] ZwProtectVirtualMemory
SSDT 86557562 System [4.2032] ZwQueryDirectoryFile
SSDT 865568FB System [4.2032] ZwQuerySystemInformation
SSDT 8655729F System [4.2032] ZwReadVirtualMemory
SSDT 88B21980 System [4.2032] ZwResumeThread
SSDT 86556CA1 System [4.2032] ZwSetContextThread
SSDT 86557034 System [4.2032] ZwSetValueKey
SSDT 86554C9F System [4.2032] ZwShutdownSystem
SSDT 86556C2E System [4.2032] ZwSuspendThread
SSDT 86556BBB System [4.2032] ZwTerminateThread
SSDT 86557315 System [4.2032] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:404] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.404] ZwAlpcConnectPort
SSDT 88B892D0 System [4.404] ZwCreateThread
SSDT 86557146 System [4.404] ZwDeleteValueKey
SSDT 86556DDE System [4.404] ZwEnumerateKey
SSDT 86556EF7 System [4.404] ZwEnumerateValueKey
SSDT 88A73C78 System [4.404] ZwLoadDriver
SSDT 86556D14 System [4.404] ZwOpenKey
SSDT 86556A4E System [4.404] ZwOpenProcess
SSDT 86556AD6 System [4.404] ZwOpenThread
SSDT 8655738B System [4.404] ZwProtectVirtualMemory
SSDT 86557562 System [4.404] ZwQueryDirectoryFile
SSDT 865568FB System [4.404] ZwQuerySystemInformation
SSDT 8655729F System [4.404] ZwReadVirtualMemory
SSDT 88B21980 System [4.404] ZwResumeThread
SSDT 86556CA1 System [4.404] ZwSetContextThread
SSDT 86557034 System [4.404] ZwSetValueKey
SSDT 86554C9F System [4.404] ZwShutdownSystem
SSDT 86556C2E System [4.404] ZwSuspendThread
SSDT 86556BBB System [4.404] ZwTerminateThread
SSDT 86557315 System [4.404] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:424] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.424] ZwAlpcConnectPort
SSDT 88B892D0 System [4.424] ZwCreateThread
SSDT 86557146 System [4.424] ZwDeleteValueKey
SSDT 86556DDE System [4.424] ZwEnumerateKey
SSDT 86556EF7 System [4.424] ZwEnumerateValueKey
SSDT 88A73C78 System [4.424] ZwLoadDriver
SSDT 86556D14 System [4.424] ZwOpenKey
SSDT 86556A4E System [4.424] ZwOpenProcess
SSDT 86556AD6 System [4.424] ZwOpenThread
SSDT 8655738B System [4.424] ZwProtectVirtualMemory
SSDT 86557562 System [4.424] ZwQueryDirectoryFile
SSDT 865568FB System [4.424] ZwQuerySystemInformation
SSDT 8655729F System [4.424] ZwReadVirtualMemory
SSDT 88B21980 System [4.424] ZwResumeThread
SSDT 86556CA1 System [4.424] ZwSetContextThread
SSDT 86557034 System [4.424] ZwSetValueKey
SSDT 86554C9F System [4.424] ZwShutdownSystem
SSDT 86556C2E System [4.424] ZwSuspendThread
SSDT 86556BBB System [4.424] ZwTerminateThread
SSDT 86557315 System [4.424] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:600] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.600] ZwAlpcConnectPort
SSDT 88B892D0 System [4.600] ZwCreateThread
SSDT 86557146 System [4.600] ZwDeleteValueKey
SSDT 86556DDE System [4.600] ZwEnumerateKey
SSDT 86556EF7 System [4.600] ZwEnumerateValueKey
SSDT 88A73C78 System [4.600] ZwLoadDriver
SSDT 86556D14 System [4.600] ZwOpenKey
SSDT 86556A4E System [4.600] ZwOpenProcess
SSDT 86556AD6 System [4.600] ZwOpenThread
SSDT 8655738B System [4.600] ZwProtectVirtualMemory
SSDT 86557562 System [4.600] ZwQueryDirectoryFile
SSDT 865568FB System [4.600] ZwQuerySystemInformation
SSDT 8655729F System [4.600] ZwReadVirtualMemory
SSDT 88B21980 System [4.600] ZwResumeThread
SSDT 86556CA1 System [4.600] ZwSetContextThread
SSDT 86557034 System [4.600] ZwSetValueKey
SSDT 86554C9F System [4.600] ZwShutdownSystem
SSDT 86556C2E System [4.600] ZwSuspendThread
SSDT 86556BBB System [4.600] ZwTerminateThread
SSDT 86557315 System [4.600] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:644] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.644] ZwAlpcConnectPort
SSDT 88B892D0 System [4.644] ZwCreateThread
SSDT 86557146 System [4.644] ZwDeleteValueKey
SSDT 86556DDE System [4.644] ZwEnumerateKey
SSDT 86556EF7 System [4.644] ZwEnumerateValueKey
SSDT 88A73C78 System [4.644] ZwLoadDriver
SSDT 86556D14 System [4.644] ZwOpenKey
SSDT 86556A4E System [4.644] ZwOpenProcess
SSDT 86556AD6 System [4.644] ZwOpenThread
SSDT 8655738B System [4.644] ZwProtectVirtualMemory
SSDT 86557562 System [4.644] ZwQueryDirectoryFile
SSDT 865568FB System [4.644] ZwQuerySystemInformation
SSDT 8655729F System [4.644] ZwReadVirtualMemory
SSDT 88B21980 System [4.644] ZwResumeThread
SSDT 86556CA1 System [4.644] ZwSetContextThread
SSDT 86557034 System [4.644] ZwSetValueKey
SSDT 86554C9F System [4.644] ZwShutdownSystem
SSDT 86556C2E System [4.644] ZwSuspendThread
SSDT 86556BBB System [4.644] ZwTerminateThread
SSDT 86557315 System [4.644] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:12] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.12] ZwAlpcConnectPort
SSDT 88B892D0 System [4.12] ZwCreateThread
SSDT 86557146 System [4.12] ZwDeleteValueKey
SSDT 86556DDE System [4.12] ZwEnumerateKey
SSDT 86556EF7 System [4.12] ZwEnumerateValueKey
SSDT 88A73C78 System [4.12] ZwLoadDriver
SSDT 86556D14 System [4.12] ZwOpenKey
SSDT 86556A4E System [4.12] ZwOpenProcess
SSDT 86556AD6 System [4.12] ZwOpenThread
SSDT 8655738B System [4.12] ZwProtectVirtualMemory
SSDT 86557562 System [4.12] ZwQueryDirectoryFile
SSDT 865568FB System [4.12] ZwQuerySystemInformation
SSDT 8655729F System [4.12] ZwReadVirtualMemory
SSDT 88B21980 System [4.12] ZwResumeThread
SSDT 86556CA1 System [4.12] ZwSetContextThread
SSDT 86557034 System [4.12] ZwSetValueKey
SSDT 86554C9F System [4.12] ZwShutdownSystem
SSDT 86556C2E System [4.12] ZwSuspendThread
SSDT 86556BBB System [4.12] ZwTerminateThread
SSDT 86557315 System [4.12] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:628] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.628] ZwAlpcConnectPort
SSDT 88B892D0 System [4.628] ZwCreateThread
SSDT 86557146 System [4.628] ZwDeleteValueKey
SSDT 86556DDE System [4.628] ZwEnumerateKey
SSDT 86556EF7 System [4.628] ZwEnumerateValueKey
SSDT 88A73C78 System [4.628] ZwLoadDriver
SSDT 86556D14 System [4.628] ZwOpenKey
SSDT 86556A4E System [4.628] ZwOpenProcess
SSDT 86556AD6 System [4.628] ZwOpenThread
SSDT 8655738B System [4.628] ZwProtectVirtualMemory
SSDT 86557562 System [4.628] ZwQueryDirectoryFile
SSDT 865568FB System [4.628] ZwQuerySystemInformation
SSDT 8655729F System [4.628] ZwReadVirtualMemory
SSDT 88B21980 System [4.628] ZwResumeThread
SSDT 86556CA1 System [4.628] ZwSetContextThread
SSDT 86557034 System [4.628] ZwSetValueKey
SSDT 86554C9F System [4.628] ZwShutdownSystem
SSDT 86556C2E System [4.628] ZwSuspendThread
SSDT 86556BBB System [4.628] ZwTerminateThread
SSDT 86557315 System [4.628] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:712] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.712] ZwAlpcConnectPort
SSDT 88B892D0 System [4.712] ZwCreateThread
SSDT 86557146 System [4.712] ZwDeleteValueKey
SSDT 86556DDE System [4.712] ZwEnumerateKey
SSDT 86556EF7 System [4.712] ZwEnumerateValueKey
SSDT 88A73C78 System [4.712] ZwLoadDriver
SSDT 86556D14 System [4.712] ZwOpenKey
SSDT 86556A4E System [4.712] ZwOpenProcess
SSDT 86556AD6 System [4.712] ZwOpenThread
SSDT 8655738B System [4.712] ZwProtectVirtualMemory
SSDT 86557562 System [4.712] ZwQueryDirectoryFile
SSDT 865568FB System [4.712] ZwQuerySystemInformation
SSDT 8655729F System [4.712] ZwReadVirtualMemory
SSDT 88B21980 System [4.712] ZwResumeThread
SSDT 86556CA1 System [4.712] ZwSetContextThread
SSDT 86557034 System [4.712] ZwSetValueKey
SSDT 86554C9F System [4.712] ZwShutdownSystem
SSDT 86556C2E System [4.712] ZwSuspendThread
SSDT 86556BBB System [4.712] ZwTerminateThread
SSDT 86557315 System [4.712] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:696] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.696] ZwAlpcConnectPort
SSDT 88B892D0 System [4.696] ZwCreateThread
SSDT 86557146 System [4.696] ZwDeleteValueKey
SSDT 86556DDE System [4.696] ZwEnumerateKey
SSDT 86556EF7 System [4.696] ZwEnumerateValueKey
SSDT 88A73C78 System [4.696] ZwLoadDriver
SSDT 86556D14 System [4.696] ZwOpenKey
SSDT 86556A4E System [4.696] ZwOpenProcess
SSDT 86556AD6 System [4.696] ZwOpenThread
SSDT 8655738B System [4.696] ZwProtectVirtualMemory
SSDT 86557562 System [4.696] ZwQueryDirectoryFile
SSDT 865568FB System [4.696] ZwQuerySystemInformation
SSDT 8655729F System [4.696] ZwReadVirtualMemory
SSDT 88B21980 System [4.696] ZwResumeThread
SSDT 86556CA1 System [4.696] ZwSetContextThread
SSDT 86557034 System [4.696] ZwSetValueKey
SSDT 86554C9F System [4.696] ZwShutdownSystem
SSDT 86556C2E System [4.696] ZwSuspendThread
SSDT 86556BBB System [4.696] ZwTerminateThread
SSDT 86557315 System [4.696] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:688] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.688] ZwAlpcConnectPort
SSDT 88B892D0 System [4.688] ZwCreateThread
SSDT 86557146 System [4.688] ZwDeleteValueKey
SSDT 86556DDE System [4.688] ZwEnumerateKey
SSDT 86556EF7 System [4.688] ZwEnumerateValueKey
SSDT 88A73C78 System [4.688] ZwLoadDriver
SSDT 86556D14 System [4.688] ZwOpenKey
SSDT 86556A4E System [4.688] ZwOpenProcess
SSDT 86556AD6 System [4.688] ZwOpenThread
SSDT 8655738B System [4.688] ZwProtectVirtualMemory
SSDT 86557562 System [4.688] ZwQueryDirectoryFile
SSDT 865568FB System [4.688] ZwQuerySystemInformation
SSDT 8655729F System [4.688] ZwReadVirtualMemory
SSDT 88B21980 System [4.688] ZwResumeThread
SSDT 86556CA1 System [4.688] ZwSetContextThread
SSDT 86557034 System [4.688] ZwSetValueKey
SSDT 86554C9F System [4.688] ZwShutdownSystem
SSDT 86556C2E System [4.688] ZwSuspendThread
SSDT 86556BBB System [4.688] ZwTerminateThread
SSDT 86557315 System [4.688] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:756] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.756] ZwAlpcConnectPort
SSDT 88B892D0 System [4.756] ZwCreateThread
SSDT 86557146 System [4.756] ZwDeleteValueKey
SSDT 86556DDE System [4.756] ZwEnumerateKey
SSDT 86556EF7 System [4.756] ZwEnumerateValueKey
SSDT 88A73C78 System [4.756] ZwLoadDriver
SSDT 86556D14 System [4.756] ZwOpenKey
SSDT 86556A4E System [4.756] ZwOpenProcess
SSDT 86556AD6 System [4.756] ZwOpenThread
SSDT 8655738B System [4.756] ZwProtectVirtualMemory
SSDT 86557562 System [4.756] ZwQueryDirectoryFile
SSDT 865568FB System [4.756] ZwQuerySystemInformation
SSDT 8655729F System [4.756] ZwReadVirtualMemory
SSDT 88B21980 System [4.756] ZwResumeThread
SSDT 86556CA1 System [4.756] ZwSetContextThread
SSDT 86557034 System [4.756] ZwSetValueKey
SSDT 86554C9F System [4.756] ZwShutdownSystem
SSDT 86556C2E System [4.756] ZwSuspendThread
SSDT 86556BBB System [4.756] ZwTerminateThread
SSDT 86557315 System [4.756] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:816] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.816] ZwAlpcConnectPort
SSDT 88B892D0 System [4.816] ZwCreateThread
SSDT 86557146 System [4.816] ZwDeleteValueKey
SSDT 86556DDE System [4.816] ZwEnumerateKey
SSDT 86556EF7 System [4.816] ZwEnumerateValueKey
SSDT 88A73C78 System [4.816] ZwLoadDriver
SSDT 86556D14 System [4.816] ZwOpenKey
SSDT 86556A4E System [4.816] ZwOpenProcess
SSDT 86556AD6 System [4.816] ZwOpenThread
SSDT 8655738B System [4.816] ZwProtectVirtualMemory
SSDT 86557562 System [4.816] ZwQueryDirectoryFile
SSDT 865568FB System [4.816] ZwQuerySystemInformation
SSDT 8655729F System [4.816] ZwReadVirtualMemory
SSDT 88B21980 System [4.816] ZwResumeThread
SSDT 86556CA1 System [4.816] ZwSetContextThread
SSDT 86557034 System [4.816] ZwSetValueKey
SSDT 86554C9F System [4.816] ZwShutdownSystem
SSDT 86556C2E System [4.816] ZwSuspendThread
SSDT 86556BBB System [4.816] ZwTerminateThread
SSDT 86557315 System [4.816] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:2436] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.2436] ZwAlpcConnectPort
SSDT 88B892D0 System [4.2436] ZwCreateThread
SSDT 86557146 System [4.2436] ZwDeleteValueKey
SSDT 86556DDE System [4.2436] ZwEnumerateKey
SSDT 86556EF7 System [4.2436] ZwEnumerateValueKey
SSDT 88A73C78 System [4.2436] ZwLoadDriver
SSDT 86556D14 System [4.2436] ZwOpenKey
SSDT 86556A4E System [4.2436] ZwOpenProcess
SSDT 86556AD6 System [4.2436] ZwOpenThread
SSDT 8655738B System [4.2436] ZwProtectVirtualMemory
SSDT 86557562 System [4.2436] ZwQueryDirectoryFile
SSDT 865568FB System [4.2436] ZwQuerySystemInformation
SSDT 8655729F System [4.2436] ZwReadVirtualMemory
SSDT 88B21980 System [4.2436] ZwResumeThread
SSDT 86556CA1 System [4.2436] ZwSetContextThread
SSDT 86557034 System [4.2436] ZwSetValueKey
SSDT 86554C9F System [4.2436] ZwShutdownSystem
SSDT 86556C2E System [4.2436] ZwSuspendThread
SSDT 86556BBB System [4.2436] ZwTerminateThread
SSDT 86557315 System [4.2436] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:3184] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.3184] ZwAlpcConnectPort
SSDT 88B892D0 System [4.3184] ZwCreateThread
SSDT 86557146 System [4.3184] ZwDeleteValueKey
SSDT 86556DDE System [4.3184] ZwEnumerateKey
SSDT 86556EF7 System [4.3184] ZwEnumerateValueKey
SSDT 88A73C78 System [4.3184] ZwLoadDriver
SSDT 86556D14 System [4.3184] ZwOpenKey
SSDT 86556A4E System [4.3184] ZwOpenProcess
SSDT 86556AD6 System [4.3184] ZwOpenThread
SSDT 8655738B System [4.3184] ZwProtectVirtualMemory
SSDT 86557562 System [4.3184] ZwQueryDirectoryFile
SSDT 865568FB System [4.3184] ZwQuerySystemInformation
SSDT 8655729F System [4.3184] ZwReadVirtualMemory
SSDT 88B21980 System [4.3184] ZwResumeThread
SSDT 86556CA1 System [4.3184] ZwSetContextThread
SSDT 86557034 System [4.3184] ZwSetValueKey
SSDT 86554C9F System [4.3184] ZwShutdownSystem
SSDT 86556C2E System [4.3184] ZwSuspendThread
SSDT 86556BBB System [4.3184] ZwTerminateThread
SSDT 86557315 System [4.3184] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:640] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.640] ZwAlpcConnectPort
SSDT 88B892D0 System [4.640] ZwCreateThread
SSDT 86557146 System [4.640] ZwDeleteValueKey
SSDT 86556DDE System [4.640] ZwEnumerateKey
SSDT 86556EF7 System [4.640] ZwEnumerateValueKey
SSDT 88A73C78 System [4.640] ZwLoadDriver
SSDT 86556D14 System [4.640] ZwOpenKey
SSDT 86556A4E System [4.640] ZwOpenProcess
SSDT 86556AD6 System [4.640] ZwOpenThread
SSDT 8655738B System [4.640] ZwProtectVirtualMemory
SSDT 86557562 System [4.640] ZwQueryDirectoryFile
SSDT 865568FB System [4.640] ZwQuerySystemInformation
SSDT 8655729F System [4.640] ZwReadVirtualMemory
SSDT 88B21980 System [4.640] ZwResumeThread
SSDT 86556CA1 System [4.640] ZwSetContextThread
SSDT 86557034 System [4.640] ZwSetValueKey
SSDT 86554C9F System [4.640] ZwShutdownSystem
SSDT 86556C2E System [4.640] ZwSuspendThread
SSDT 86556BBB System [4.640] ZwTerminateThread
SSDT 86557315 System [4.640] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:3712] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.3712] ZwAlpcConnectPort
SSDT 88B892D0 System [4.3712] ZwCreateThread
SSDT 86557146 System [4.3712] ZwDeleteValueKey
SSDT 86556DDE System [4.3712] ZwEnumerateKey
SSDT 86556EF7 System [4.3712] ZwEnumerateValueKey
SSDT 88A73C78 System [4.3712] ZwLoadDriver
SSDT 86556D14 System [4.3712] ZwOpenKey
SSDT 86556A4E System [4.3712] ZwOpenProcess
SSDT 86556AD6 System [4.3712] ZwOpenThread
SSDT 8655738B System [4.3712] ZwProtectVirtualMemory
SSDT 86557562 System [4.3712] ZwQueryDirectoryFile
SSDT 865568FB System [4.3712] ZwQuerySystemInformation
SSDT 8655729F System [4.3712] ZwReadVirtualMemory
SSDT 88B21980 System [4.3712] ZwResumeThread
SSDT 86556CA1 System [4.3712] ZwSetContextThread
SSDT 86557034 System [4.3712] ZwSetValueKey
SSDT 86554C9F System [4.3712] ZwShutdownSystem
SSDT 86556C2E System [4.3712] ZwSuspendThread
SSDT 86556BBB System [4.3712] ZwTerminateThread
SSDT 86557315 System [4.3712] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:4432] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.4432] ZwAlpcConnectPort
SSDT 88B892D0 System [4.4432] ZwCreateThread
SSDT 86557146 System [4.4432] ZwDeleteValueKey
SSDT 86556DDE System [4.4432] ZwEnumerateKey
SSDT 86556EF7 System [4.4432] ZwEnumerateValueKey
SSDT 88A73C78 System [4.4432] ZwLoadDriver
SSDT 86556D14 System [4.4432] ZwOpenKey
SSDT 86556A4E System [4.4432] ZwOpenProcess
SSDT 86556AD6 System [4.4432] ZwOpenThread
SSDT 8655738B System [4.4432] ZwProtectVirtualMemory
SSDT 86557562 System [4.4432] ZwQueryDirectoryFile
SSDT 865568FB System [4.4432] ZwQuerySystemInformation
SSDT 8655729F System [4.4432] ZwReadVirtualMemory
SSDT 88B21980 System [4.4432] ZwResumeThread
SSDT 86556CA1 System [4.4432] ZwSetContextThread
SSDT 86557034 System [4.4432] ZwSetValueKey
SSDT 86554C9F System [4.4432] ZwShutdownSystem
SSDT 86556C2E System [4.4432] ZwSuspendThread
SSDT 86556BBB System [4.4432] ZwTerminateThread
SSDT 86557315 System [4.4432] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:4580] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.4580] ZwAlpcConnectPort
SSDT 88B892D0 System [4.4580] ZwCreateThread
SSDT 86557146 System [4.4580] ZwDeleteValueKey
SSDT 86556DDE System [4.4580] ZwEnumerateKey
SSDT 86556EF7 System [4.4580] ZwEnumerateValueKey
SSDT 88A73C78 System [4.4580] ZwLoadDriver
SSDT 86556D14 System [4.4580] ZwOpenKey
SSDT 86556A4E System [4.4580] ZwOpenProcess
SSDT 86556AD6 System [4.4580] ZwOpenThread
SSDT 8655738B System [4.4580] ZwProtectVirtualMemory
SSDT 86557562 System [4.4580] ZwQueryDirectoryFile
SSDT 865568FB System [4.4580] ZwQuerySystemInformation
SSDT 8655729F System [4.4580] ZwReadVirtualMemory
SSDT 88B21980 System [4.4580] ZwResumeThread
SSDT 86556CA1 System [4.4580] ZwSetContextThread
SSDT 86557034 System [4.4580] ZwSetValueKey
SSDT 86554C9F System [4.4580] ZwShutdownSystem
SSDT 86556C2E System [4.4580] ZwSuspendThread
SSDT 86556BBB System [4.4580] ZwTerminateThread
SSDT 86557315 System [4.4580] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:3396] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.3396] ZwAlpcConnectPort
SSDT 88B892D0 System [4.3396] ZwCreateThread
SSDT 86557146 System [4.3396] ZwDeleteValueKey
SSDT 86556DDE System [4.3396] ZwEnumerateKey
SSDT 86556EF7 System [4.3396] ZwEnumerateValueKey
SSDT 88A73C78 System [4.3396] ZwLoadDriver
SSDT 86556D14 System [4.3396] ZwOpenKey
SSDT 86556A4E System [4.3396] ZwOpenProcess
SSDT 86556AD6 System [4.3396] ZwOpenThread
SSDT 8655738B System [4.3396] ZwProtectVirtualMemory
SSDT 86557562 System [4.3396] ZwQueryDirectoryFile
SSDT 865568FB System [4.3396] ZwQuerySystemInformation
SSDT 8655729F System [4.3396] ZwReadVirtualMemory
SSDT 88B21980 System [4.3396] ZwResumeThread
SSDT 86556CA1 System [4.3396] ZwSetContextThread
SSDT 86557034 System [4.3396] ZwSetValueKey
SSDT 86554C9F System [4.3396] ZwShutdownSystem
SSDT 86556C2E System [4.3396] ZwSuspendThread
SSDT 86556BBB System [4.3396] ZwTerminateThread
SSDT 86557315 System [4.3396] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:1520] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.1520] ZwAlpcConnectPort
SSDT 88B892D0 System [4.1520] ZwCreateThread
SSDT 86557146 System [4.1520] ZwDeleteValueKey
SSDT 86556DDE System [4.1520] ZwEnumerateKey
SSDT 86556EF7 System [4.1520] ZwEnumerateValueKey
SSDT 88A73C78 System [4.1520] ZwLoadDriver
SSDT 86556D14 System [4.1520] ZwOpenKey
SSDT 86556A4E System [4.1520] ZwOpenProcess
SSDT 86556AD6 System [4.1520] ZwOpenThread
SSDT 8655738B System [4.1520] ZwProtectVirtualMemory
SSDT 86557562 System [4.1520] ZwQueryDirectoryFile
SSDT 865568FB System [4.1520] ZwQuerySystemInformation
SSDT 8655729F System [4.1520] ZwReadVirtualMemory
SSDT 88B21980 System [4.1520] ZwResumeThread
SSDT 86556CA1 System [4.1520] ZwSetContextThread
SSDT 86557034 System [4.1520] ZwSetValueKey
SSDT 86554C9F System [4.1520] ZwShutdownSystem
SSDT 86556C2E System [4.1520] ZwSuspendThread
SSDT 86556BBB System [4.1520] ZwTerminateThread
SSDT 86557315 System [4.1520] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:4980] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.4980] ZwAlpcConnectPort
SSDT 88B892D0 System [4.4980] ZwCreateThread
SSDT 86557146 System [4.4980] ZwDeleteValueKey
SSDT 86556DDE System [4.4980] ZwEnumerateKey
SSDT 86556EF7 System [4.4980] ZwEnumerateValueKey
SSDT 88A73C78 System [4.4980] ZwLoadDriver
SSDT 86556D14 System [4.4980] ZwOpenKey
SSDT 86556A4E System [4.4980] ZwOpenProcess
SSDT 86556AD6 System [4.4980] ZwOpenThread
SSDT 8655738B System [4.4980] ZwProtectVirtualMemory
SSDT 86557562 System [4.4980] ZwQueryDirectoryFile
SSDT 865568FB System [4.4980] ZwQuerySystemInformation
SSDT 8655729F System [4.4980] ZwReadVirtualMemory
SSDT 88B21980 System [4.4980] ZwResumeThread
SSDT 86556CA1 System [4.4980] ZwSetContextThread
SSDT 86557034 System [4.4980] ZwSetValueKey
SSDT 86554C9F System [4.4980] ZwShutdownSystem
SSDT 86556C2E System [4.4980] ZwSuspendThread
SSDT 86556BBB System [4.4980] ZwTerminateThread
SSDT 86557315 System [4.4980] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:7016] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.7016] ZwAlpcConnectPort
SSDT 88B892D0 System [4.7016] ZwCreateThread
SSDT 86557146 System [4.7016] ZwDeleteValueKey
SSDT 86556DDE System [4.7016] ZwEnumerateKey
SSDT 86556EF7 System [4.7016] ZwEnumerateValueKey
SSDT 88A73C78 System [4.7016] ZwLoadDriver
SSDT 86556D14 System [4.7016] ZwOpenKey
SSDT 86556A4E System [4.7016] ZwOpenProcess
SSDT 86556AD6 System [4.7016] ZwOpenThread
SSDT 8655738B System [4.7016] ZwProtectVirtualMemory
SSDT 86557562 System [4.7016] ZwQueryDirectoryFile
SSDT 865568FB System [4.7016] ZwQuerySystemInformation
SSDT 8655729F System [4.7016] ZwReadVirtualMemory
SSDT 88B21980 System [4.7016] ZwResumeThread
SSDT 86556CA1 System [4.7016] ZwSetContextThread
SSDT 86557034 System [4.7016] ZwSetValueKey
SSDT 86554C9F System [4.7016] ZwShutdownSystem
SSDT 86556C2E System [4.7016] ZwSuspendThread
SSDT 86556BBB System [4.7016] ZwTerminateThread
SSDT 86557315 System [4.7016] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:6660] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.6660] ZwAlpcConnectPort
SSDT 88B892D0 System [4.6660] ZwCreateThread
SSDT 86557146 System [4.6660] ZwDeleteValueKey
SSDT 86556DDE System [4.6660] ZwEnumerateKey
SSDT 86556EF7 System [4.6660] ZwEnumerateValueKey
SSDT 88A73C78 System [4.6660] ZwLoadDriver
SSDT 86556D14 System [4.6660] ZwOpenKey
SSDT 86556A4E System [4.6660] ZwOpenProcess
SSDT 86556AD6 System [4.6660] ZwOpenThread
SSDT 8655738B System [4.6660] ZwProtectVirtualMemory
SSDT 86557562 System [4.6660] ZwQueryDirectoryFile
SSDT 865568FB System [4.6660] ZwQuerySystemInformation
SSDT 8655729F System [4.6660] ZwReadVirtualMemory
SSDT 88B21980 System [4.6660] ZwResumeThread
SSDT 86556CA1 System [4.6660] ZwSetContextThread
SSDT 86557034 System [4.6660] ZwSetValueKey
SSDT 86554C9F System [4.6660] ZwShutdownSystem
SSDT 86556C2E System [4.6660] ZwSuspendThread
SSDT 86556BBB System [4.6660] ZwTerminateThread
SSDT 86557315 System [4.6660] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread System [4:9324] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 System [4.9324] ZwAlpcConnectPort
SSDT 88B892D0 System [4.9324] ZwCreateThread
SSDT 86557146 System [4.9324] ZwDeleteValueKey
SSDT 86556DDE System [4.9324] ZwEnumerateKey
SSDT 86556EF7 System [4.9324] ZwEnumerateValueKey
SSDT 88A73C78 System [4.9324] ZwLoadDriver
SSDT 86556D14 System [4.9324] ZwOpenKey
SSDT 86556A4E System [4.9324] ZwOpenProcess
SSDT 86556AD6 System [4.9324] ZwOpenThread
SSDT 8655738B System [4.9324] ZwProtectVirtualMemory
SSDT 86557562 System [4.9324] ZwQueryDirectoryFile
SSDT 865568FB System [4.9324] ZwQuerySystemInformation
SSDT 8655729F System [4.9324] ZwReadVirtualMemory
SSDT 88B21980 System [4.9324] ZwResumeThread
SSDT 86556CA1 System [4.9324] ZwSetContextThread
SSDT 86557034 System [4.9324] ZwSetValueKey
SSDT 86554C9F System [4.9324] ZwShutdownSystem
SSDT 86556C2E System [4.9324] ZwSuspendThread
SSDT 86556BBB System [4.9324] ZwTerminateThread
SSDT 86557315 System [4.9324] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:252] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.252] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.252] ZwCreateThread
SSDT 86557146 svchost.exe [244.252] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.252] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.252] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.252] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.252] ZwOpenKey
SSDT 86556A4E svchost.exe [244.252] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.252] ZwOpenThread
SSDT 8655738B svchost.exe [244.252] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.252] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.252] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.252] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.252] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.252] ZwSetContextThread
SSDT 86557034 svchost.exe [244.252] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.252] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.252] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.252] ZwTerminateThread
SSDT 86557315 svchost.exe [244.252] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:376] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.376] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.376] ZwCreateThread
SSDT 86557146 svchost.exe [244.376] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.376] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.376] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.376] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.376] ZwOpenKey
SSDT 86556A4E svchost.exe [244.376] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.376] ZwOpenThread
SSDT 8655738B svchost.exe [244.376] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.376] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.376] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.376] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.376] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.376] ZwSetContextThread
SSDT 86557034 svchost.exe [244.376] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.376] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.376] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.376] ZwTerminateThread
SSDT 86557315 svchost.exe [244.376] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:384] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.384] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.384] ZwCreateThread
SSDT 86557146 svchost.exe [244.384] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.384] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.384] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.384] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.384] ZwOpenKey
SSDT 86556A4E svchost.exe [244.384] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.384] ZwOpenThread
SSDT 8655738B svchost.exe [244.384] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.384] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.384] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.384] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.384] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.384] ZwSetContextThread
SSDT 86557034 svchost.exe [244.384] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.384] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.384] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.384] ZwTerminateThread
SSDT 86557315 svchost.exe [244.384] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:396] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.396] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.396] ZwCreateThread
SSDT 86557146 svchost.exe [244.396] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.396] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.396] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.396] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.396] ZwOpenKey
SSDT 86556A4E svchost.exe [244.396] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.396] ZwOpenThread
SSDT 8655738B svchost.exe [244.396] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.396] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.396] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.396] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.396] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.396] ZwSetContextThread
SSDT 86557034 svchost.exe [244.396] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.396] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.396] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.396] ZwTerminateThread
SSDT 86557315 svchost.exe [244.396] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:584] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.584] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.584] ZwCreateThread
SSDT 86557146 svchost.exe [244.584] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.584] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.584] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.584] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.584] ZwOpenKey
SSDT 86556A4E svchost.exe [244.584] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.584] ZwOpenThread
SSDT 8655738B svchost.exe [244.584] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.584] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.584] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.584] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.584] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.584] ZwSetContextThread
SSDT 86557034 svchost.exe [244.584] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.584] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.584] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.584] ZwTerminateThread
SSDT 86557315 svchost.exe [244.584] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:580] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.580] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.580] ZwCreateThread
SSDT 86557146 svchost.exe [244.580] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.580] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.580] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.580] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.580] ZwOpenKey
SSDT 86556A4E svchost.exe [244.580] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.580] ZwOpenThread
SSDT 8655738B svchost.exe [244.580] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.580] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.580] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.580] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.580] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.580] ZwSetContextThread
SSDT 86557034 svchost.exe [244.580] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.580] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.580] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.580] ZwTerminateThread
SSDT 86557315 svchost.exe [244.580] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:604] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.604] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.604] ZwCreateThread
SSDT 86557146 svchost.exe [244.604] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.604] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.604] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.604] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.604] ZwOpenKey
SSDT 86556A4E svchost.exe [244.604] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.604] ZwOpenThread
SSDT 8655738B svchost.exe [244.604] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.604] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.604] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.604] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.604] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.604] ZwSetContextThread
SSDT 86557034 svchost.exe [244.604] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.604] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.604] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.604] ZwTerminateThread
SSDT 86557315 svchost.exe [244.604] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:612] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.612] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.612] ZwCreateThread
SSDT 86557146 svchost.exe [244.612] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.612] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.612] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.612] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.612] ZwOpenKey
SSDT 86556A4E svchost.exe [244.612] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.612] ZwOpenThread
SSDT 8655738B svchost.exe [244.612] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.612] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.612] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.612] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.612] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.612] ZwSetContextThread
SSDT 86557034 svchost.exe [244.612] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.612] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.612] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.612] ZwTerminateThread
SSDT 86557315 svchost.exe [244.612] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [244.616] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.616] ZwCreateThread
SSDT 86557146 svchost.exe [244.616] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.616] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.616] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.616] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.616] ZwOpenKey
SSDT 86556A4E svchost.exe [244.616] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.616] ZwOpenThread
SSDT 8655738B svchost.exe [244.616] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.616] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.616] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.616] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.616] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.616] ZwSetContextThread
SSDT 86557034 svchost.exe [244.616] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.616] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.616] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.616] ZwTerminateThread
SSDT 86557315 svchost.exe [244.616] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1336] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1336] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1336] ZwCreateThread
SSDT 86557146 svchost.exe [244.1336] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1336] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1336] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1336] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1336] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1336] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1336] ZwOpenThread
SSDT 8655738B svchost.exe [244.1336] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1336] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1336] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1336] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1336] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1336] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1336] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1336] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1336] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1336] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1336] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1116] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1116] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1116] ZwCreateThread
SSDT 86557146 svchost.exe [244.1116] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1116] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1116] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1116] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1116] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1116] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1116] ZwOpenThread
SSDT 8655738B svchost.exe [244.1116] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1116] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1116] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1116] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1116] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1116] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1116] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1116] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1116] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1116] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1116] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1616] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1616] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1616] ZwCreateThread
SSDT 86557146 svchost.exe [244.1616] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1616] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1616] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1616] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1616] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1616] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1616] ZwOpenThread
SSDT 8655738B svchost.exe [244.1616] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1616] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1616] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1616] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1616] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1616] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1616] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1616] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1616] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1616] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1616] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1644] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1644] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1644] ZwCreateThread
SSDT 86557146 svchost.exe [244.1644] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1644] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1644] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1644] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1644] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1644] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1644] ZwOpenThread
SSDT 8655738B svchost.exe [244.1644] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1644] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1644] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1644] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1644] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1644] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1644] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1644] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1644] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1644] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1644] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1656] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1656] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1656] ZwCreateThread
SSDT 86557146 svchost.exe [244.1656] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1656] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1656] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1656] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1656] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1656] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1656] ZwOpenThread
SSDT 8655738B svchost.exe [244.1656] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1656] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1656] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1656] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1656] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1656] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1656] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1656] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1656] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1656] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1656] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1664] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1664] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1664] ZwCreateThread
SSDT 86557146 svchost.exe [244.1664] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1664] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1664] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1664] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1664] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1664] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1664] ZwOpenThread
SSDT 8655738B svchost.exe [244.1664] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1664] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1664] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1664] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1664] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1664] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1664] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1664] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1664] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1664] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1664] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:1672] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.1672] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.1672] ZwCreateThread
SSDT 86557146 svchost.exe [244.1672] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.1672] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.1672] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.1672] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.1672] ZwOpenKey
SSDT 86556A4E svchost.exe [244.1672] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.1672] ZwOpenThread
SSDT 8655738B svchost.exe [244.1672] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.1672] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.1672] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.1672] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.1672] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.1672] ZwSetContextThread
SSDT 86557034 svchost.exe [244.1672] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.1672] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.1672] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.1672] ZwTerminateThread
SSDT 86557315 svchost.exe [244.1672] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:6396] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.6396] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.6396] ZwCreateThread
SSDT 86557146 svchost.exe [244.6396] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.6396] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.6396] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.6396] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.6396] ZwOpenKey
SSDT 86556A4E svchost.exe [244.6396] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.6396] ZwOpenThread
SSDT 8655738B svchost.exe [244.6396] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.6396] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.6396] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.6396] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.6396] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.6396] ZwSetContextThread
SSDT 86557034 svchost.exe [244.6396] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.6396] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.6396] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.6396] ZwTerminateThread
SSDT 86557315 svchost.exe [244.6396] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:6392] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.6392] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.6392] ZwCreateThread
SSDT 86557146 svchost.exe [244.6392] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.6392] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.6392] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.6392] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.6392] ZwOpenKey
SSDT 86556A4E svchost.exe [244.6392] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.6392] ZwOpenThread
SSDT 8655738B svchost.exe [244.6392] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.6392] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.6392] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.6392] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.6392] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.6392] ZwSetContextThread
SSDT 86557034 svchost.exe [244.6392] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.6392] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.6392] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.6392] ZwTerminateThread
SSDT 86557315 svchost.exe [244.6392] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:6364] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.6364] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.6364] ZwCreateThread
SSDT 86557146 svchost.exe [244.6364] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.6364] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.6364] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.6364] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.6364] ZwOpenKey
SSDT 86556A4E svchost.exe [244.6364] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.6364] ZwOpenThread
SSDT 8655738B svchost.exe [244.6364] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.6364] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.6364] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.6364] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.6364] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.6364] ZwSetContextThread
SSDT 86557034 svchost.exe [244.6364] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.6364] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.6364] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.6364] ZwTerminateThread
SSDT 86557315 svchost.exe [244.6364] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:6376] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.6376] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.6376] ZwCreateThread
SSDT 86557146 svchost.exe [244.6376] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.6376] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.6376] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.6376] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.6376] ZwOpenKey
SSDT 86556A4E svchost.exe [244.6376] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.6376] ZwOpenThread
SSDT 8655738B svchost.exe [244.6376] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.6376] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.6376] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.6376] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.6376] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.6376] ZwSetContextThread
SSDT 86557034 svchost.exe [244.6376] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.6376] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.6376] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.6376] ZwTerminateThread
SSDT 86557315 svchost.exe [244.6376] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:7940] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.7940] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.7940] ZwCreateThread
SSDT 86557146 svchost.exe [244.7940] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.7940] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.7940] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.7940] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.7940] ZwOpenKey
SSDT 86556A4E svchost.exe [244.7940] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.7940] ZwOpenThread
SSDT 8655738B svchost.exe [244.7940] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.7940] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.7940] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.7940] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.7940] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.7940] ZwSetContextThread
SSDT 86557034 svchost.exe [244.7940] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.7940] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.7940] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.7940] ZwTerminateThread
SSDT 86557315 svchost.exe [244.7940] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:7936] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.7936] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.7936] ZwCreateThread
SSDT 86557146 svchost.exe [244.7936] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.7936] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.7936] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.7936] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.7936] ZwOpenKey
SSDT 86556A4E svchost.exe [244.7936] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.7936] ZwOpenThread
SSDT 8655738B svchost.exe [244.7936] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.7936] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.7936] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.7936] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.7936] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.7936] ZwSetContextThread
SSDT 86557034 svchost.exe [244.7936] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.7936] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.7936] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.7936] ZwTerminateThread
SSDT 86557315 svchost.exe [244.7936] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:7924] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.7924] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.7924] ZwCreateThread
SSDT 86557146 svchost.exe [244.7924] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.7924] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.7924] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.7924] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.7924] ZwOpenKey
SSDT 86556A4E svchost.exe [244.7924] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.7924] ZwOpenThread
SSDT 8655738B svchost.exe [244.7924] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.7924] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.7924] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.7924] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.7924] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.7924] ZwSetContextThread
SSDT 86557034 svchost.exe [244.7924] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.7924] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.7924] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.7924] ZwTerminateThread
SSDT 86557315 svchost.exe [244.7924] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:7948] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.7948] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.7948] ZwCreateThread
SSDT 86557146 svchost.exe [244.7948] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.7948] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.7948] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.7948] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.7948] ZwOpenKey
SSDT 86556A4E svchost.exe [244.7948] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.7948] ZwOpenThread
SSDT 8655738B svchost.exe [244.7948] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.7948] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.7948] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.7948] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.7948] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.7948] ZwSetContextThread
SSDT 86557034 svchost.exe [244.7948] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.7948] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.7948] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.7948] ZwTerminateThread
SSDT 86557315 svchost.exe [244.7948] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:7932] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.7932] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.7932] ZwCreateThread
SSDT 86557146 svchost.exe [244.7932] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.7932] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.7932] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.7932] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.7932] ZwOpenKey
SSDT 86556A4E svchost.exe [244.7932] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.7932] ZwOpenThread
SSDT 8655738B svchost.exe [244.7932] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.7932] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.7932] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.7932] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.7932] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.7932] ZwSetContextThread
SSDT 86557034 svchost.exe [244.7932] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.7932] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.7932] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.7932] ZwTerminateThread
SSDT 86557315 svchost.exe [244.7932] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:4532] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.4532] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.4532] ZwCreateThread
SSDT 86557146 svchost.exe [244.4532] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.4532] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.4532] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.4532] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.4532] ZwOpenKey
SSDT 86556A4E svchost.exe [244.4532] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.4532] ZwOpenThread
SSDT 8655738B svchost.exe [244.4532] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.4532] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.4532] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.4532] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.4532] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.4532] ZwSetContextThread
SSDT 86557034 svchost.exe [244.4532] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.4532] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.4532] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.4532] ZwTerminateThread
SSDT 86557315 svchost.exe [244.4532] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:2612] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.2612] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.2612] ZwCreateThread
SSDT 86557146 svchost.exe [244.2612] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.2612] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.2612] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.2612] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.2612] ZwOpenKey
SSDT 86556A4E svchost.exe [244.2612] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.2612] ZwOpenThread
SSDT 8655738B svchost.exe [244.2612] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.2612] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.2612] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.2612] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.2612] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.2612] ZwSetContextThread
SSDT 86557034 svchost.exe [244.2612] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.2612] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.2612] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.2612] ZwTerminateThread
SSDT 86557315 svchost.exe [244.2612] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [244:6488] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [244.6488] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [244.6488] ZwCreateThread
SSDT 86557146 svchost.exe [244.6488] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [244.6488] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [244.6488] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [244.6488] ZwLoadDriver
SSDT 86556D14 svchost.exe [244.6488] ZwOpenKey
SSDT 86556A4E svchost.exe [244.6488] ZwOpenProcess
SSDT 86556AD6 svchost.exe [244.6488] ZwOpenThread
SSDT 8655738B svchost.exe [244.6488] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [244.6488] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [244.6488] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [244.6488] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [244.6488] ZwResumeThread
SSDT 86556CA1 svchost.exe [244.6488] ZwSetContextThread
SSDT 86557034 svchost.exe [244.6488] ZwSetValueKey
SSDT 86554C9F svchost.exe [244.6488] ZwShutdownSystem
SSDT 86556C2E svchost.exe [244.6488] ZwSuspendThread
SSDT 86556BBB svchost.exe [244.6488] ZwTerminateThread
SSDT 86557315 svchost.exe [244.6488] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread o2flash.exe [416:564] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 o2flash.exe [416.564] ZwAlpcConnectPort
SSDT 88B892D0 o2flash.exe [416.564] ZwCreateThread
SSDT 86557146 o2flash.exe [416.564] ZwDeleteValueKey
SSDT 86556DDE o2flash.exe [416.564] ZwEnumerateKey
SSDT 86556EF7 o2flash.exe [416.564] ZwEnumerateValueKey
SSDT 88A73C78 o2flash.exe [416.564] ZwLoadDriver
SSDT 86556D14 o2flash.exe [416.564] ZwOpenKey
SSDT 86556A4E o2flash.exe [416.564] ZwOpenProcess
SSDT 86556AD6 o2flash.exe [416.564] ZwOpenThread
SSDT 8655738B o2flash.exe [416.564] ZwProtectVirtualMemory
SSDT 86557562 o2flash.exe [416.564] ZwQueryDirectoryFile
SSDT 865568FB o2flash.exe [416.564] ZwQuerySystemInformation
SSDT 8655729F o2flash.exe [416.564] ZwReadVirtualMemory
SSDT 88B21980 o2flash.exe [416.564] ZwResumeThread
SSDT 86556CA1 o2flash.exe [416.564] ZwSetContextThread
SSDT 86557034 o2flash.exe [416.564] ZwSetValueKey
SSDT 86554C9F o2flash.exe [416.564] ZwShutdownSystem
SSDT 86556C2E o2flash.exe [416.564] ZwSuspendThread
SSDT 86556BBB o2flash.exe [416.564] ZwTerminateThread
SSDT 86557315 o2flash.exe [416.564] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread o2flash.exe [416:1132] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 o2flash.exe [416.1132] ZwAlpcConnectPort
SSDT 88B892D0 o2flash.exe [416.1132] ZwCreateThread
SSDT 86557146 o2flash.exe [416.1132] ZwDeleteValueKey
SSDT 86556DDE o2flash.exe [416.1132] ZwEnumerateKey
SSDT 86556EF7 o2flash.exe [416.1132] ZwEnumerateValueKey
SSDT 88A73C78 o2flash.exe [416.1132] ZwLoadDriver
SSDT 86556D14 o2flash.exe [416.1132] ZwOpenKey
SSDT 86556A4E o2flash.exe [416.1132] ZwOpenProcess
SSDT 86556AD6 o2flash.exe [416.1132] ZwOpenThread
SSDT 8655738B o2flash.exe [416.1132] ZwProtectVirtualMemory
SSDT 86557562 o2flash.exe [416.1132] ZwQueryDirectoryFile
SSDT 865568FB o2flash.exe [416.1132] ZwQuerySystemInformation
SSDT 8655729F o2flash.exe [416.1132] ZwReadVirtualMemory
SSDT 88B21980 o2flash.exe [416.1132] ZwResumeThread
SSDT 86556CA1 o2flash.exe [416.1132] ZwSetContextThread
SSDT 86557034 o2flash.exe [416.1132] ZwSetValueKey
SSDT 86554C9F o2flash.exe [416.1132] ZwShutdownSystem
SSDT 86556C2E o2flash.exe [416.1132] ZwSuspendThread
SSDT 86556BBB o2flash.exe [416.1132] ZwTerminateThread
SSDT 86557315 o2flash.exe [416.1132] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread smss.exe [552:556] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 smss.exe [552.556] ZwAlpcConnectPort
SSDT 88B892D0 smss.exe [552.556] ZwCreateThread
SSDT 86557146 smss.exe [552.556] ZwDeleteValueKey
SSDT 86556DDE smss.exe [552.556] ZwEnumerateKey
SSDT 86556EF7 smss.exe [552.556] ZwEnumerateValueKey
SSDT 88A73C78 smss.exe [552.556] ZwLoadDriver
SSDT 86556D14 smss.exe [552.556] ZwOpenKey
SSDT 86556A4E smss.exe [552.556] ZwOpenProcess
SSDT 86556AD6 smss.exe [552.556] ZwOpenThread
SSDT 8655738B smss.exe [552.556] ZwProtectVirtualMemory
SSDT 86557562 smss.exe [552.556] ZwQueryDirectoryFile
SSDT 865568FB smss.exe [552.556] ZwQuerySystemInformation
SSDT 8655729F smss.exe [552.556] ZwReadVirtualMemory
SSDT 88B21980 smss.exe [552.556] ZwResumeThread
SSDT 86556CA1 smss.exe [552.556] ZwSetContextThread
SSDT 86557034 smss.exe [552.556] ZwSetValueKey
SSDT 86554C9F smss.exe [552.556] ZwShutdownSystem
SSDT 86556C2E smss.exe [552.556] ZwSuspendThread
SSDT 86556BBB smss.exe [552.556] ZwTerminateThread
SSDT 86557315 smss.exe [552.556] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread smss.exe [552:620] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 smss.exe [552.620] ZwAlpcConnectPort
SSDT 88B892D0 smss.exe [552.620] ZwCreateThread
SSDT 86557146 smss.exe [552.620] ZwDeleteValueKey
SSDT 86556DDE smss.exe [552.620] ZwEnumerateKey
SSDT 86556EF7 smss.exe [552.620] ZwEnumerateValueKey
SSDT 88A73C78 smss.exe [552.620] ZwLoadDriver
SSDT 86556D14 smss.exe [552.620] ZwOpenKey
SSDT 86556A4E smss.exe [552.620] ZwOpenProcess
SSDT 86556AD6 smss.exe [552.620] ZwOpenThread
SSDT 8655738B smss.exe [552.620] ZwProtectVirtualMemory
SSDT 86557562 smss.exe [552.620] ZwQueryDirectoryFile
SSDT 865568FB smss.exe [552.620] ZwQuerySystemInformation
SSDT 8655729F smss.exe [552.620] ZwReadVirtualMemory
SSDT 88B21980 smss.exe [552.620] ZwResumeThread
SSDT 86556CA1 smss.exe [552.620] ZwSetContextThread
SSDT 86557034 smss.exe [552.620] ZwSetValueKey
SSDT 86554C9F smss.exe [552.620] ZwShutdownSystem
SSDT 86556C2E smss.exe [552.620] ZwSuspendThread
SSDT 86556BBB smss.exe [552.620] ZwTerminateThread
SSDT 86557315 smss.exe [552.620] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread smss.exe [552:632] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 smss.exe [552.632] ZwAlpcConnectPort
SSDT 88B892D0 smss.exe [552.632] ZwCreateThread
SSDT 86557146 smss.exe [552.632] ZwDeleteValueKey
SSDT 86556DDE smss.exe [552.632] ZwEnumerateKey
SSDT 86556EF7 smss.exe [552.632] ZwEnumerateValueKey
SSDT 88A73C78 smss.exe [552.632] ZwLoadDriver
SSDT 86556D14 smss.exe [552.632] ZwOpenKey
SSDT 86556A4E smss.exe [552.632] ZwOpenProcess
SSDT 86556AD6 smss.exe [552.632] ZwOpenThread
SSDT 8655738B smss.exe [552.632] ZwProtectVirtualMemory
SSDT 86557562 smss.exe [552.632] ZwQueryDirectoryFile
SSDT 865568FB smss.exe [552.632] ZwQuerySystemInformation
SSDT 8655729F smss.exe [552.632] ZwReadVirtualMemory
SSDT 88B21980 smss.exe [552.632] ZwResumeThread
SSDT 86556CA1 smss.exe [552.632] ZwSetContextThread
SSDT 86557034 smss.exe [552.632] ZwSetValueKey
SSDT 86554C9F smss.exe [552.632] ZwShutdownSystem
SSDT 86556C2E smss.exe [552.632] ZwSuspendThread
SSDT 86556BBB smss.exe [552.632] ZwTerminateThread
SSDT 86557315 smss.exe [552.632] ZwWriteVirtualMemory



#3 jnh2opolo5


Posted 25 October 2010 - 05:55 PM

---- Threads - GMER 1.0.15 ----

Thread smss.exe [552:680] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 smss.exe [552.680] ZwAlpcConnectPort
SSDT 88B892D0 smss.exe [552.680] ZwCreateThread
SSDT 86557146 smss.exe [552.680] ZwDeleteValueKey
SSDT 86556DDE smss.exe [552.680] ZwEnumerateKey
SSDT 86556EF7 smss.exe [552.680] ZwEnumerateValueKey
SSDT 88A73C78 smss.exe [552.680] ZwLoadDriver
SSDT 86556D14 smss.exe [552.680] ZwOpenKey
SSDT 86556A4E smss.exe [552.680] ZwOpenProcess
SSDT 86556AD6 smss.exe [552.680] ZwOpenThread
SSDT 8655738B smss.exe [552.680] ZwProtectVirtualMemory
SSDT 86557562 smss.exe [552.680] ZwQueryDirectoryFile
SSDT 865568FB smss.exe [552.680] ZwQuerySystemInformation
SSDT 8655729F smss.exe [552.680] ZwReadVirtualMemory
SSDT 88B21980 smss.exe [552.680] ZwResumeThread
SSDT 86556CA1 smss.exe [552.680] ZwSetContextThread
SSDT 86557034 smss.exe [552.680] ZwSetValueKey
SSDT 86554C9F smss.exe [552.680] ZwShutdownSystem
SSDT 86556C2E smss.exe [552.680] ZwSuspendThread
SSDT 86556BBB smss.exe [552.680] ZwTerminateThread
SSDT 86557315 smss.exe [552.680] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:664] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.664] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.664] ZwCreateThread
SSDT 86557146 csrss.exe [636.664] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.664] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.664] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.664] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.664] ZwOpenKey
SSDT 86556A4E csrss.exe [636.664] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.664] ZwOpenThread
SSDT 8655738B csrss.exe [636.664] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.664] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.664] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.664] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.664] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.664] ZwSetContextThread
SSDT 86557034 csrss.exe [636.664] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.664] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.664] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.664] ZwTerminateThread
SSDT 86557315 csrss.exe [636.664] ZwWriteVirtualMemory
SSDT 88A73ED8 csrss.exe [636.668] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.668] ZwCreateThread
SSDT 86557146 csrss.exe [636.668] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.668] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.668] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.668] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.668] ZwOpenKey
SSDT 86556A4E csrss.exe [636.668] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.668] ZwOpenThread
SSDT 8655738B csrss.exe [636.668] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.668] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.668] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.668] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.668] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.668] ZwSetContextThread
SSDT 86557034 csrss.exe [636.668] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.668] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.668] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.668] ZwTerminateThread
SSDT 86557315 csrss.exe [636.668] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:672] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.672] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.672] ZwCreateThread
SSDT 86557146 csrss.exe [636.672] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.672] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.672] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.672] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.672] ZwOpenKey
SSDT 86556A4E csrss.exe [636.672] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.672] ZwOpenThread
SSDT 8655738B csrss.exe [636.672] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.672] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.672] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.672] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.672] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.672] ZwSetContextThread
SSDT 86557034 csrss.exe [636.672] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.672] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.672] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.672] ZwTerminateThread
SSDT 86557315 csrss.exe [636.672] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:676] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.676] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.676] ZwCreateThread
SSDT 86557146 csrss.exe [636.676] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.676] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.676] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.676] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.676] ZwOpenKey
SSDT 86556A4E csrss.exe [636.676] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.676] ZwOpenThread
SSDT 8655738B csrss.exe [636.676] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.676] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.676] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.676] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.676] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.676] ZwSetContextThread
SSDT 86557034 csrss.exe [636.676] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.676] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.676] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.676] ZwTerminateThread
SSDT 86557315 csrss.exe [636.676] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:708] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.708] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.708] ZwCreateThread
SSDT 86557146 csrss.exe [636.708] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.708] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.708] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.708] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.708] ZwOpenKey
SSDT 86556A4E csrss.exe [636.708] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.708] ZwOpenThread
SSDT 8655738B csrss.exe [636.708] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.708] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.708] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.708] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.708] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.708] ZwSetContextThread
SSDT 86557034 csrss.exe [636.708] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.708] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.708] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.708] ZwTerminateThread
SSDT 86557315 csrss.exe [636.708] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:764] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.764] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.764] ZwCreateThread
SSDT 86557146 csrss.exe [636.764] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.764] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.764] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.764] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.764] ZwOpenKey
SSDT 86556A4E csrss.exe [636.764] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.764] ZwOpenThread
SSDT 8655738B csrss.exe [636.764] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.764] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.764] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.764] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.764] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.764] ZwSetContextThread
SSDT 86557034 csrss.exe [636.764] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.764] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.764] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.764] ZwTerminateThread
SSDT 86557315 csrss.exe [636.764] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:772] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.772] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.772] ZwCreateThread
SSDT 86557146 csrss.exe [636.772] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.772] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.772] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.772] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.772] ZwOpenKey
SSDT 86556A4E csrss.exe [636.772] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.772] ZwOpenThread
SSDT 8655738B csrss.exe [636.772] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.772] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.772] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.772] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.772] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.772] ZwSetContextThread
SSDT 86557034 csrss.exe [636.772] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.772] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.772] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.772] ZwTerminateThread
SSDT 86557315 csrss.exe [636.772] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:812] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.812] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.812] ZwCreateThread
SSDT 86557146 csrss.exe [636.812] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.812] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.812] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.812] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.812] ZwOpenKey
SSDT 86556A4E csrss.exe [636.812] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.812] ZwOpenThread
SSDT 8655738B csrss.exe [636.812] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.812] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.812] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.812] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.812] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.812] ZwSetContextThread
SSDT 86557034 csrss.exe [636.812] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.812] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.812] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.812] ZwTerminateThread
SSDT 86557315 csrss.exe [636.812] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:840] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.840] ZwAlpcConnectPort
SSDT 88B892D0 csrss.exe [636.840] ZwCreateThread
SSDT 86557146 csrss.exe [636.840] ZwDeleteValueKey
SSDT 86556DDE csrss.exe [636.840] ZwEnumerateKey
SSDT 86556EF7 csrss.exe [636.840] ZwEnumerateValueKey
SSDT 88A73C78 csrss.exe [636.840] ZwLoadDriver
SSDT 86556D14 csrss.exe [636.840] ZwOpenKey
SSDT 86556A4E csrss.exe [636.840] ZwOpenProcess
SSDT 86556AD6 csrss.exe [636.840] ZwOpenThread
SSDT 8655738B csrss.exe [636.840] ZwProtectVirtualMemory
SSDT 86557562 csrss.exe [636.840] ZwQueryDirectoryFile
SSDT 865568FB csrss.exe [636.840] ZwQuerySystemInformation
SSDT 8655729F csrss.exe [636.840] ZwReadVirtualMemory
SSDT 88B21980 csrss.exe [636.840] ZwResumeThread
SSDT 86556CA1 csrss.exe [636.840] ZwSetContextThread
SSDT 86557034 csrss.exe [636.840] ZwSetValueKey
SSDT 86554C9F csrss.exe [636.840] ZwShutdownSystem
SSDT 86556C2E csrss.exe [636.840] ZwSuspendThread
SSDT 86556BBB csrss.exe [636.840] ZwTerminateThread
SSDT 86557315 csrss.exe [636.840] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread csrss.exe [636:860] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 csrss.exe [636.860] ZwAlpcConnectPort

#4 jnh2opolo5

Posted 25 October 2010 - 05:57 PM

SSDT 86556AD6 lsass.exe [824.876] ZwOpenThread
SSDT 8655738B lsass.exe [824.876] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.876] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.876] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.876] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.876] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.876] ZwSetContextThread
SSDT 86557034 lsass.exe [824.876] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.876] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.876] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.876] ZwTerminateThread
SSDT 86557315 lsass.exe [824.876] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsass.exe [824:900] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsass.exe [824.900] ZwAlpcConnectPort
SSDT 88B892D0 lsass.exe [824.900] ZwCreateThread
SSDT 86557146 lsass.exe [824.900] ZwDeleteValueKey
SSDT 86556DDE lsass.exe [824.900] ZwEnumerateKey
SSDT 86556EF7 lsass.exe [824.900] ZwEnumerateValueKey
SSDT 88A73C78 lsass.exe [824.900] ZwLoadDriver
SSDT 86556D14 lsass.exe [824.900] ZwOpenKey
SSDT 86556A4E lsass.exe [824.900] ZwOpenProcess
SSDT 86556AD6 lsass.exe [824.900] ZwOpenThread
SSDT 8655738B lsass.exe [824.900] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.900] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.900] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.900] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.900] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.900] ZwSetContextThread
SSDT 86557034 lsass.exe [824.900] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.900] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.900] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.900] ZwTerminateThread
SSDT 86557315 lsass.exe [824.900] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsass.exe [824:908] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsass.exe [824.908] ZwAlpcConnectPort
SSDT 88B892D0 lsass.exe [824.908] ZwCreateThread
SSDT 86557146 lsass.exe [824.908] ZwDeleteValueKey
SSDT 86556DDE lsass.exe [824.908] ZwEnumerateKey
SSDT 86556EF7 lsass.exe [824.908] ZwEnumerateValueKey
SSDT 88A73C78 lsass.exe [824.908] ZwLoadDriver
SSDT 86556D14 lsass.exe [824.908] ZwOpenKey
SSDT 86556A4E lsass.exe [824.908] ZwOpenProcess
SSDT 86556AD6 lsass.exe [824.908] ZwOpenThread
SSDT 8655738B lsass.exe [824.908] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.908] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.908] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.908] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.908] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.908] ZwSetContextThread
SSDT 86557034 lsass.exe [824.908] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.908] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.908] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.908] ZwTerminateThread
SSDT 86557315 lsass.exe [824.908] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsass.exe [824:916] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsass.exe [824.916] ZwAlpcConnectPort
SSDT 88B892D0 lsass.exe [824.916] ZwCreateThread
SSDT 86557146 lsass.exe [824.916] ZwDeleteValueKey
SSDT 86556DDE lsass.exe [824.916] ZwEnumerateKey
SSDT 86556EF7 lsass.exe [824.916] ZwEnumerateValueKey
SSDT 88A73C78 lsass.exe [824.916] ZwLoadDriver
SSDT 86556D14 lsass.exe [824.916] ZwOpenKey
SSDT 86556A4E lsass.exe [824.916] ZwOpenProcess
SSDT 86556AD6 lsass.exe [824.916] ZwOpenThread
SSDT 8655738B lsass.exe [824.916] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.916] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.916] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.916] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.916] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.916] ZwSetContextThread
SSDT 86557034 lsass.exe [824.916] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.916] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.916] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.916] ZwTerminateThread
SSDT 86557315 lsass.exe [824.916] ZwWriteVirtualMemory
SSDT 88A73ED8 lsass.exe [824.1540] ZwAlpcConnectPort
SSDT 88B892D0 lsass.exe [824.1540] ZwCreateThread
SSDT 86557146 lsass.exe [824.1540] ZwDeleteValueKey
SSDT 86556DDE lsass.exe [824.1540] ZwEnumerateKey
SSDT 86556EF7 lsass.exe [824.1540] ZwEnumerateValueKey
SSDT 88A73C78 lsass.exe [824.1540] ZwLoadDriver
SSDT 86556D14 lsass.exe [824.1540] ZwOpenKey
SSDT 86556A4E lsass.exe [824.1540] ZwOpenProcess
SSDT 86556AD6 lsass.exe [824.1540] ZwOpenThread
SSDT 8655738B lsass.exe [824.1540] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.1540] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.1540] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.1540] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.1540] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.1540] ZwSetContextThread
SSDT 86557034 lsass.exe [824.1540] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.1540] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.1540] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.1540] ZwTerminateThread
SSDT 86557315 lsass.exe [824.1540] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsass.exe [824:2936] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsass.exe [824.2936] ZwAlpcConnectPort
SSDT 88B892D0 lsass.exe [824.2936] ZwCreateThread
SSDT 86557146 lsass.exe [824.2936] ZwDeleteValueKey
SSDT 86556DDE lsass.exe [824.2936] ZwEnumerateKey
SSDT 86556EF7 lsass.exe [824.2936] ZwEnumerateValueKey
SSDT 88A73C78 lsass.exe [824.2936] ZwLoadDriver
SSDT 86556D14 lsass.exe [824.2936] ZwOpenKey
SSDT 86556A4E lsass.exe [824.2936] ZwOpenProcess
SSDT 86556AD6 lsass.exe [824.2936] ZwOpenThread
SSDT 8655738B lsass.exe [824.2936] ZwProtectVirtualMemory
SSDT 86557562 lsass.exe [824.2936] ZwQueryDirectoryFile
SSDT 865568FB lsass.exe [824.2936] ZwQuerySystemInformation
SSDT 8655729F lsass.exe [824.2936] ZwReadVirtualMemory
SSDT 88B21980 lsass.exe [824.2936] ZwResumeThread
SSDT 86556CA1 lsass.exe [824.2936] ZwSetContextThread
SSDT 86557034 lsass.exe [824.2936] ZwSetValueKey
SSDT 86554C9F lsass.exe [824.2936] ZwShutdownSystem
SSDT 86556C2E lsass.exe [824.2936] ZwSuspendThread
SSDT 86556BBB lsass.exe [824.2936] ZwTerminateThread
SSDT 86557315 lsass.exe [824.2936] ZwWriteVirtualMemory
SSDT 88A73ED8 lsm.exe [832.836] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.836] ZwCreateThread
SSDT 86557146 lsm.exe [832.836] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.836] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.836] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.836] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.836] ZwOpenKey
SSDT 86556A4E lsm.exe [832.836] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.836] ZwOpenThread
SSDT 8655738B lsm.exe [832.836] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.836] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.836] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.836] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.836] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.836] ZwSetContextThread
SSDT 86557034 lsm.exe [832.836] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.836] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.836] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.836] ZwTerminateThread
SSDT 86557315 lsm.exe [832.836] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1172] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1172] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1172] ZwCreateThread
SSDT 86557146 lsm.exe [832.1172] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1172] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1172] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1172] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1172] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1172] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1172] ZwOpenThread
SSDT 8655738B lsm.exe [832.1172] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1172] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1172] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1172] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1172] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1172] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1172] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1172] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1172] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1172] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1172] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1176] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1176] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1176] ZwCreateThread
SSDT 86557146 lsm.exe [832.1176] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1176] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1176] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1176] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1176] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1176] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1176] ZwOpenThread
SSDT 8655738B lsm.exe [832.1176] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1176] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1176] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1176] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1176] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1176] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1176] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1176] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1176] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1176] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1176] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1180] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1180] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1180] ZwCreateThread
SSDT 86557146 lsm.exe [832.1180] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1180] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1180] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1180] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1180] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1180] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1180] ZwOpenThread
SSDT 8655738B lsm.exe [832.1180] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1180] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1180] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1180] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1180] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1180] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1180] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1180] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1180] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1180] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1180] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1184] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1184] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1184] ZwCreateThread
SSDT 86557146 lsm.exe [832.1184] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1184] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1184] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1184] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1184] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1184] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1184] ZwOpenThread
SSDT 8655738B lsm.exe [832.1184] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1184] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1184] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1184] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1184] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1184] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1184] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1184] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1184] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1184] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1184] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1188] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1188] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1188] ZwCreateThread
SSDT 86557146 lsm.exe [832.1188] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1188] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1188] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1188] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1188] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1188] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1188] ZwOpenThread
SSDT 8655738B lsm.exe [832.1188] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1188] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1188] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1188] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1188] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1188] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1188] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1188] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1188] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1188] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1188] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1192] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1192] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1192] ZwCreateThread
SSDT 86557146 lsm.exe [832.1192] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1192] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1192] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1192] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1192] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1192] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1192] ZwOpenThread
SSDT 8655738B lsm.exe [832.1192] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1192] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1192] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1192] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1192] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1192] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1192] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1192] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1192] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1192] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1192] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:1208] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.1208] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.1208] ZwCreateThread
SSDT 86557146 lsm.exe [832.1208] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.1208] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.1208] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.1208] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.1208] ZwOpenKey
SSDT 86556A4E lsm.exe [832.1208] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.1208] ZwOpenThread
SSDT 8655738B lsm.exe [832.1208] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.1208] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.1208] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.1208] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.1208] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.1208] ZwSetContextThread
SSDT 86557034 lsm.exe [832.1208] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.1208] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.1208] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.1208] ZwTerminateThread
SSDT 86557315 lsm.exe [832.1208] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread lsm.exe [832:10224] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 lsm.exe [832.10224] ZwAlpcConnectPort
SSDT 88B892D0 lsm.exe [832.10224] ZwCreateThread
SSDT 86557146 lsm.exe [832.10224] ZwDeleteValueKey
SSDT 86556DDE lsm.exe [832.10224] ZwEnumerateKey
SSDT 86556EF7 lsm.exe [832.10224] ZwEnumerateValueKey
SSDT 88A73C78 lsm.exe [832.10224] ZwLoadDriver
SSDT 86556D14 lsm.exe [832.10224] ZwOpenKey
SSDT 86556A4E lsm.exe [832.10224] ZwOpenProcess
SSDT 86556AD6 lsm.exe [832.10224] ZwOpenThread
SSDT 8655738B lsm.exe [832.10224] ZwProtectVirtualMemory
SSDT 86557562 lsm.exe [832.10224] ZwQueryDirectoryFile
SSDT 865568FB lsm.exe [832.10224] ZwQuerySystemInformation
SSDT 8655729F lsm.exe [832.10224] ZwReadVirtualMemory
SSDT 88B21980 lsm.exe [832.10224] ZwResumeThread
SSDT 86556CA1 lsm.exe [832.10224] ZwSetContextThread
SSDT 86557034 lsm.exe [832.10224] ZwSetValueKey
SSDT 86554C9F lsm.exe [832.10224] ZwShutdownSystem
SSDT 86556C2E lsm.exe [832.10224] ZwSuspendThread
SSDT 86556BBB lsm.exe [832.10224] ZwTerminateThread
SSDT 86557315 lsm.exe [832.10224] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread agrsmsvc.exe [848:544] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 agrsmsvc.exe [848.544] ZwAlpcConnectPort
SSDT 88B892D0 agrsmsvc.exe [848.544] ZwCreateThread
SSDT 86557146 agrsmsvc.exe [848.544] ZwDeleteValueKey
SSDT 86556DDE agrsmsvc.exe [848.544] ZwEnumerateKey
SSDT 86556EF7 agrsmsvc.exe [848.544] ZwEnumerateValueKey
SSDT 88A73C78 agrsmsvc.exe [848.544] ZwLoadDriver
SSDT 86556D14 agrsmsvc.exe [848.544] ZwOpenKey
SSDT 86556A4E agrsmsvc.exe [848.544] ZwOpenProcess
SSDT 86556AD6 agrsmsvc.exe [848.544] ZwOpenThread
SSDT 8655738B agrsmsvc.exe [848.544] ZwProtectVirtualMemory
SSDT 86557562 agrsmsvc.exe [848.544] ZwQueryDirectoryFile
SSDT 865568FB agrsmsvc.exe [848.544] ZwQuerySystemInformation
SSDT 8655729F agrsmsvc.exe [848.544] ZwReadVirtualMemory
SSDT 88B21980 agrsmsvc.exe [848.544] ZwResumeThread
SSDT 86556CA1 agrsmsvc.exe [848.544] ZwSetContextThread
SSDT 86557034 agrsmsvc.exe [848.544] ZwSetValueKey
SSDT 86554C9F agrsmsvc.exe [848.544] ZwShutdownSystem
SSDT 86556C2E agrsmsvc.exe [848.544] ZwSuspendThread
SSDT 86556BBB agrsmsvc.exe [848.544] ZwTerminateThread
SSDT 86557315 agrsmsvc.exe [848.544] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread agrsmsvc.exe [848:1052] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 agrsmsvc.exe [848.1052] ZwAlpcConnectPort
SSDT 88B892D0 agrsmsvc.exe [848.1052] ZwCreateThread
SSDT 86557146 agrsmsvc.exe [848.1052] ZwDeleteValueKey
SSDT 86556DDE agrsmsvc.exe [848.1052] ZwEnumerateKey
SSDT 86556EF7 agrsmsvc.exe [848.1052] ZwEnumerateValueKey
SSDT 88A73C78 agrsmsvc.exe [848.1052] ZwLoadDriver
SSDT 86556D14 agrsmsvc.exe [848.1052] ZwOpenKey
SSDT 86556A4E agrsmsvc.exe [848.1052] ZwOpenProcess
SSDT 86556AD6 agrsmsvc.exe [848.1052] ZwOpenThread
SSDT 8655738B agrsmsvc.exe [848.1052] ZwProtectVirtualMemory
SSDT 86557562 agrsmsvc.exe [848.1052] ZwQueryDirectoryFile
SSDT 865568FB agrsmsvc.exe [848.1052] ZwQuerySystemInformation
SSDT 8655729F agrsmsvc.exe [848.1052] ZwReadVirtualMemory
SSDT 88B21980 agrsmsvc.exe [848.1052] ZwResumeThread
SSDT 86556CA1 agrsmsvc.exe [848.1052] ZwSetContextThread
SSDT 86557034 agrsmsvc.exe [848.1052] ZwSetValueKey
SSDT 86554C9F agrsmsvc.exe [848.1052] ZwShutdownSystem
SSDT 86556C2E agrsmsvc.exe [848.1052] ZwSuspendThread
SSDT 86556BBB agrsmsvc.exe [848.1052] ZwTerminateThread
SSDT 86557315 agrsmsvc.exe [848.1052] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [972:976] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [972.976] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.976] ZwCreateThread
SSDT 86557146 svchost.exe [972.976] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.976] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.976] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.976] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.976] ZwOpenKey
SSDT 86556A4E svchost.exe [972.976] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.976] ZwOpenThread
SSDT 8655738B svchost.exe [972.976] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.976] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.976] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.976] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.976] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.976] ZwSetContextThread
SSDT 86557034 svchost.exe [972.976] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.976] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.976] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.976] ZwTerminateThread
SSDT 86557315 svchost.exe [972.976] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [972.984] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.984] ZwCreateThread
SSDT 86557146 svchost.exe [972.984] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.984] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.984] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.984] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.984] ZwOpenKey
SSDT 86556A4E svchost.exe [972.984] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.984] ZwOpenThread
SSDT 8655738B svchost.exe [972.984] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.984] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.984] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.984] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.984] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.984] ZwSetContextThread
SSDT 86557034 svchost.exe [972.984] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.984] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.984] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.984] ZwTerminateThread
SSDT 86557315 svchost.exe [972.984] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [972.1000] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.1000] ZwCreateThread
SSDT 86557146 svchost.exe [972.1000] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.1000] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.1000] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.1000] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.1000] ZwOpenKey
SSDT 86556A4E svchost.exe [972.1000] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.1000] ZwOpenThread
SSDT 8655738B svchost.exe [972.1000] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.1000] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.1000] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.1000] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.1000] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.1000] ZwSetContextThread
SSDT 86557034 svchost.exe [972.1000] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.1000] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.1000] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.1000] ZwTerminateThread
SSDT 86557315 svchost.exe [972.1000] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [972:1004] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [972.1004] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.1004] ZwCreateThread
SSDT 86557146 svchost.exe [972.1004] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.1004] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.1004] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.1004] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.1004] ZwOpenKey
SSDT 86556A4E svchost.exe [972.1004] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.1004] ZwOpenThread
SSDT 8655738B svchost.exe [972.1004] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.1004] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.1004] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.1004] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.1004] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.1004] ZwSetContextThread
SSDT 86557034 svchost.exe [972.1004] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.1004] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.1004] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.1004] ZwTerminateThread
SSDT 86557315 svchost.exe [972.1004] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [972:1008] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [972.1008] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.1008] ZwCreateThread
SSDT 86557146 svchost.exe [972.1008] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.1008] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.1008] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.1008] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.1008] ZwOpenKey
SSDT 86556A4E svchost.exe [972.1008] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.1008] ZwOpenThread
SSDT 8655738B svchost.exe [972.1008] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.1008] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.1008] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.1008] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.1008] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.1008] ZwSetContextThread
SSDT 86557034 svchost.exe [972.1008] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.1008] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.1008] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.1008] ZwTerminateThread
SSDT 86557315 svchost.exe [972.1008] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [972:1020] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [972.1020] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.1020] ZwCreateThread
SSDT 86557146 svchost.exe [972.1020] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.1020] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.1020] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.1020] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.1020] ZwOpenKey
SSDT 86556A4E svchost.exe [972.1020] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.1020] ZwOpenThread
SSDT 8655738B svchost.exe [972.1020] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.1020] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.1020] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.1020] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.1020] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.1020] ZwSetContextThread
SSDT 86557034 svchost.exe [972.1020] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.1020] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.1020] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.1020] ZwTerminateThread
SSDT 86557315 svchost.exe [972.1020] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [972.1108] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.1108] ZwCreateThread
SSDT 86557146 svchost.exe [972.1108] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.1108] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.1108] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.1108] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.1108] ZwOpenKey
SSDT 86556A4E svchost.exe [972.1108] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.1108] ZwOpenThread
SSDT 8655738B svchost.exe [972.1108] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.1108] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.1108] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.1108] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.1108] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.1108] ZwSetContextThread
SSDT 86557034 svchost.exe [972.1108] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.1108] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.1108] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.1108] ZwTerminateThread
SSDT 86557315 svchost.exe [972.1108] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [972.4112] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [972.4112] ZwCreateThread
SSDT 86557146 svchost.exe [972.4112] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [972.4112] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [972.4112] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [972.4112] ZwLoadDriver
SSDT 86556D14 svchost.exe [972.4112] ZwOpenKey
SSDT 86556A4E svchost.exe [972.4112] ZwOpenProcess
SSDT 86556AD6 svchost.exe [972.4112] ZwOpenThread
SSDT 8655738B svchost.exe [972.4112] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [972.4112] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [972.4112] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [972.4112] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [972.4112] ZwResumeThread
SSDT 86556CA1 svchost.exe [972.4112] ZwSetContextThread
SSDT 86557034 svchost.exe [972.4112] ZwSetValueKey
SSDT 86554C9F svchost.exe [972.4112] ZwShutdownSystem
SSDT 86556C2E svchost.exe [972.4112] ZwSuspendThread
SSDT 86556BBB svchost.exe [972.4112] ZwTerminateThread
SSDT 86557315 svchost.exe [972.4112] ZwWriteVirtualMemory





#5 jnh2opolo5

Posted 25 October 2010 - 05:59 PM

---- Threads - GMER 1.0.15 ----

SSDT 86556BBB OmniServ.exe [1036.1064] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1064] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1068] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1068] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1068] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1068] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1068] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1068] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1068] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1068] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1068] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1068] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1068] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1068] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1068] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1068] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1068] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1068] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1068] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1068] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1068] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1068] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1068] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1080] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1080] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1080] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1080] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1080] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1080] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1080] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1080] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1080] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1080] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1080] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1080] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1080] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1080] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1080] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1080] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1080] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1080] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1080] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1080] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1080] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1084] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1084] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1084] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1084] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1084] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1084] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1084] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1084] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1084] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1084] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1084] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1084] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1084] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1084] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1084] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1084] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1084] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1084] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1084] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1084] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1084] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1088] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1088] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1088] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1088] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1088] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1088] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1088] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1088] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1088] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1088] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1088] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1088] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1088] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1088] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1088] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1088] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1088] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1088] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1088] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1088] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1088] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1092] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1092] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1092] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1092] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1092] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1092] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1092] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1092] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1092] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1092] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1092] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1092] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1092] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1092] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1092] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1092] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1092] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1092] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1092] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1092] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1092] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1096] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1096] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1096] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1096] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1096] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1096] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1096] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1096] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1096] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1096] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1096] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1096] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1096] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1096] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1096] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1096] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1096] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1096] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1096] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1096] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1096] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1100] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1100] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1100] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1100] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1100] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1100] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1100] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1100] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1100] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1100] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1100] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1100] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1100] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1100] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1100] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1100] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1100] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1100] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1100] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1100] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1100] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread OmniServ.exe [1036:1472] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 OmniServ.exe [1036.1472] ZwAlpcConnectPort
SSDT 88B892D0 OmniServ.exe [1036.1472] ZwCreateThread
SSDT 86557146 OmniServ.exe [1036.1472] ZwDeleteValueKey
SSDT 86556DDE OmniServ.exe [1036.1472] ZwEnumerateKey
SSDT 86556EF7 OmniServ.exe [1036.1472] ZwEnumerateValueKey
SSDT 88A73C78 OmniServ.exe [1036.1472] ZwLoadDriver
SSDT 86556D14 OmniServ.exe [1036.1472] ZwOpenKey
SSDT 86556A4E OmniServ.exe [1036.1472] ZwOpenProcess
SSDT 86556AD6 OmniServ.exe [1036.1472] ZwOpenThread
SSDT 8655738B OmniServ.exe [1036.1472] ZwProtectVirtualMemory
SSDT 86557562 OmniServ.exe [1036.1472] ZwQueryDirectoryFile
SSDT 865568FB OmniServ.exe [1036.1472] ZwQuerySystemInformation
SSDT 8655729F OmniServ.exe [1036.1472] ZwReadVirtualMemory
SSDT 88B21980 OmniServ.exe [1036.1472] ZwResumeThread
SSDT 86556CA1 OmniServ.exe [1036.1472] ZwSetContextThread
SSDT 86557034 OmniServ.exe [1036.1472] ZwSetValueKey
SSDT 86554C9F OmniServ.exe [1036.1472] ZwShutdownSystem
SSDT 86556C2E OmniServ.exe [1036.1472] ZwSuspendThread
SSDT 86556BBB OmniServ.exe [1036.1472] ZwTerminateThread
SSDT 86557315 OmniServ.exe [1036.1472] ZwWriteVirtualMemory
SSDT 88A73ED8 AppleMobileDeviceService.exe [1104.960] ZwAlpcConnectPort
SSDT 88B892D0 AppleMobileDeviceService.exe [1104.960] ZwCreateThread
SSDT 86557146 AppleMobileDeviceService.exe [1104.960] ZwDeleteValueKey
SSDT 86556DDE AppleMobileDeviceService.exe [1104.960] ZwEnumerateKey
SSDT 86556EF7 AppleMobileDeviceService.exe [1104.960] ZwEnumerateValueKey
SSDT 88A73C78 AppleMobileDeviceService.exe [1104.960] ZwLoadDriver
SSDT 86556D14 AppleMobileDeviceService.exe [1104.960] ZwOpenKey
SSDT 86556A4E AppleMobileDeviceService.exe [1104.960] ZwOpenProcess
SSDT 86556AD6 AppleMobileDeviceService.exe [1104.960] ZwOpenThread
SSDT 8655738B AppleMobileDeviceService.exe [1104.960] ZwProtectVirtualMemory
SSDT 86557562 AppleMobileDeviceService.exe [1104.960] ZwQueryDirectoryFile
SSDT 865568FB AppleMobileDeviceService.exe [1104.960] ZwQuerySystemInformation
SSDT 8655729F AppleMobileDeviceService.exe [1104.960] ZwReadVirtualMemory
SSDT 88B21980 AppleMobileDeviceService.exe [1104.960] ZwResumeThread
SSDT 86556CA1 AppleMobileDeviceService.exe [1104.960] ZwSetContextThread
SSDT 86557034 AppleMobileDeviceService.exe [1104.960] ZwSetValueKey
SSDT 86554C9F AppleMobileDeviceService.exe [1104.960] ZwShutdownSystem
SSDT 86556C2E AppleMobileDeviceService.exe [1104.960] ZwSuspendThread
SSDT 86556BBB AppleMobileDeviceService.exe [1104.960] ZwTerminateThread
SSDT 86557315 AppleMobileDeviceService.exe [1104.960] ZwWriteVirtualMemory
SSDT 88A73ED8 AppleMobileDeviceService.exe [1104.1244] ZwAlpcConnectPort
SSDT 88B892D0 AppleMobileDeviceService.exe [1104.1244] ZwCreateThread
SSDT 86557146 AppleMobileDeviceService.exe [1104.1244] ZwDeleteValueKey
SSDT 86556DDE AppleMobileDeviceService.exe [1104.1244] ZwEnumerateKey
SSDT 86556EF7 AppleMobileDeviceService.exe [1104.1244] ZwEnumerateValueKey
SSDT 88A73C78 AppleMobileDeviceService.exe [1104.1244] ZwLoadDriver
SSDT 86556D14 AppleMobileDeviceService.exe [1104.1244] ZwOpenKey
SSDT 86556A4E AppleMobileDeviceService.exe [1104.1244] ZwOpenProcess
SSDT 86556AD6 AppleMobileDeviceService.exe [1104.1244] ZwOpenThread
SSDT 8655738B AppleMobileDeviceService.exe [1104.1244] ZwProtectVirtualMemory
SSDT 86557562 AppleMobileDeviceService.exe [1104.1244] ZwQueryDirectoryFile
SSDT 865568FB AppleMobileDeviceService.exe [1104.1244] ZwQuerySystemInformation
SSDT 8655729F AppleMobileDeviceService.exe [1104.1244] ZwReadVirtualMemory
SSDT 88B21980 AppleMobileDeviceService.exe [1104.1244] ZwResumeThread
SSDT 86556CA1 AppleMobileDeviceService.exe [1104.1244] ZwSetContextThread
SSDT 86557034 AppleMobileDeviceService.exe [1104.1244] ZwSetValueKey
SSDT 86554C9F AppleMobileDeviceService.exe [1104.1244] ZwShutdownSystem
SSDT 86556C2E AppleMobileDeviceService.exe [1104.1244] ZwSuspendThread
SSDT 86556BBB AppleMobileDeviceService.exe [1104.1244] ZwTerminateThread
SSDT 86557315 AppleMobileDeviceService.exe [1104.1244] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread AppleMobileDeviceService.exe [1104:1272] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 AppleMobileDeviceService.exe [1104.1272] ZwAlpcConnectPort
SSDT 88B892D0 AppleMobileDeviceService.exe [1104.1272] ZwCreateThread
SSDT 86557146 AppleMobileDeviceService.exe [1104.1272] ZwDeleteValueKey
SSDT 86556DDE AppleMobileDeviceService.exe [1104.1272] ZwEnumerateKey
SSDT 86556EF7 AppleMobileDeviceService.exe [1104.1272] ZwEnumerateValueKey
SSDT 88A73C78 AppleMobileDeviceService.exe [1104.1272] ZwLoadDriver
SSDT 86556D14 AppleMobileDeviceService.exe [1104.1272] ZwOpenKey
SSDT 86556A4E AppleMobileDeviceService.exe [1104.1272] ZwOpenProcess
SSDT 86556AD6 AppleMobileDeviceService.exe [1104.1272] ZwOpenThread
SSDT 8655738B AppleMobileDeviceService.exe [1104.1272] ZwProtectVirtualMemory
SSDT 86557562 AppleMobileDeviceService.exe [1104.1272] ZwQueryDirectoryFile
SSDT 865568FB AppleMobileDeviceService.exe [1104.1272] ZwQuerySystemInformation
SSDT 8655729F AppleMobileDeviceService.exe [1104.1272] ZwReadVirtualMemory
SSDT 88B21980 AppleMobileDeviceService.exe [1104.1272] ZwResumeThread
SSDT 86556CA1 AppleMobileDeviceService.exe [1104.1272] ZwSetContextThread
SSDT 86557034 AppleMobileDeviceService.exe [1104.1272] ZwSetValueKey
SSDT 86554C9F AppleMobileDeviceService.exe [1104.1272] ZwShutdownSystem
SSDT 86556C2E AppleMobileDeviceService.exe [1104.1272] ZwSuspendThread
SSDT 86556BBB AppleMobileDeviceService.exe [1104.1272] ZwTerminateThread
SSDT 86557315 AppleMobileDeviceService.exe [1104.1272] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1120:1124] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1120.1124] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.1124] ZwCreateThread
SSDT 86557146 svchost.exe [1120.1124] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.1124] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.1124] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.1124] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.1124] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.1124] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.1124] ZwOpenThread
SSDT 8655738B svchost.exe [1120.1124] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.1124] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.1124] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.1124] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.1124] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.1124] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.1124] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.1124] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.1124] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.1124] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.1124] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1120.1128] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.1128] ZwCreateThread
SSDT 86557146 svchost.exe [1120.1128] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.1128] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.1128] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.1128] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.1128] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.1128] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.1128] ZwOpenThread
SSDT 8655738B svchost.exe [1120.1128] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.1128] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.1128] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.1128] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.1128] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.1128] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.1128] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.1128] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.1128] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.1128] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.1128] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1120:1136] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1120.1136] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.1136] ZwCreateThread
SSDT 86557146 svchost.exe [1120.1136] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.1136] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.1136] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.1136] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.1136] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.1136] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.1136] ZwOpenThread
SSDT 8655738B svchost.exe [1120.1136] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.1136] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.1136] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.1136] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.1136] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.1136] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.1136] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.1136] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.1136] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.1136] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.1136] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1120:1140] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1120.1140] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.1140] ZwCreateThread
SSDT 86557146 svchost.exe [1120.1140] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.1140] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.1140] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.1140] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.1140] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.1140] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.1140] ZwOpenThread
SSDT 8655738B svchost.exe [1120.1140] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.1140] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.1140] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.1140] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.1140] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.1140] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.1140] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.1140] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.1140] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.1140] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.1140] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1120:5112] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1120.5112] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.5112] ZwCreateThread
SSDT 86557146 svchost.exe [1120.5112] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.5112] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.5112] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.5112] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.5112] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.5112] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.5112] ZwOpenThread
SSDT 8655738B svchost.exe [1120.5112] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.5112] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.5112] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.5112] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.5112] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.5112] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.5112] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.5112] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.5112] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.5112] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.5112] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1120:4492] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1120.4492] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1120.4492] ZwCreateThread
SSDT 86557146 svchost.exe [1120.4492] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1120.4492] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1120.4492] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1120.4492] ZwLoadDriver
SSDT 86556D14 svchost.exe [1120.4492] ZwOpenKey
SSDT 86556A4E svchost.exe [1120.4492] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1120.4492] ZwOpenThread
SSDT 8655738B svchost.exe [1120.4492] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1120.4492] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1120.4492] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1120.4492] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1120.4492] ZwResumeThread
SSDT 86556CA1 svchost.exe [1120.4492] ZwSetContextThread
SSDT 86557034 svchost.exe [1120.4492] ZwSetValueKey
SSDT 86554C9F svchost.exe [1120.4492] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1120.4492] ZwSuspendThread
SSDT 86556BBB svchost.exe [1120.4492] ZwTerminateThread
SSDT 86557315 svchost.exe [1120.4492] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread mDNSResponder.exe [1228:1168] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 mDNSResponder.exe [1228.1168] ZwAlpcConnectPort
SSDT 88B892D0 mDNSResponder.exe [1228.1168] ZwCreateThread
SSDT 86557146 mDNSResponder.exe [1228.1168] ZwDeleteValueKey
SSDT 86556DDE mDNSResponder.exe [1228.1168] ZwEnumerateKey
SSDT 86556EF7 mDNSResponder.exe [1228.1168] ZwEnumerateValueKey
SSDT 88A73C78 mDNSResponder.exe [1228.1168] ZwLoadDriver
SSDT 86556D14 mDNSResponder.exe [1228.1168] ZwOpenKey
SSDT 86556A4E mDNSResponder.exe [1228.1168] ZwOpenProcess
SSDT 86556AD6 mDNSResponder.exe [1228.1168] ZwOpenThread
SSDT 8655738B mDNSResponder.exe [1228.1168] ZwProtectVirtualMemory
SSDT 86557562 mDNSResponder.exe [1228.1168] ZwQueryDirectoryFile
SSDT 865568FB mDNSResponder.exe [1228.1168] ZwQuerySystemInformation
SSDT 8655729F mDNSResponder.exe [1228.1168] ZwReadVirtualMemory
SSDT 88B21980 mDNSResponder.exe [1228.1168] ZwResumeThread
SSDT 86556CA1 mDNSResponder.exe [1228.1168] ZwSetContextThread
SSDT 86557034 mDNSResponder.exe [1228.1168] ZwSetValueKey
SSDT 86554C9F mDNSResponder.exe [1228.1168] ZwShutdownSystem
SSDT 86556C2E mDNSResponder.exe [1228.1168] ZwSuspendThread
SSDT 86556BBB mDNSResponder.exe [1228.1168] ZwTerminateThread
SSDT 86557315 mDNSResponder.exe [1228.1168] ZwWriteVirtualMemory
SSDT 88A73ED8 mDNSResponder.exe [1228.1296] ZwAlpcConnectPort
SSDT 88B892D0 mDNSResponder.exe [1228.1296] ZwCreateThread
SSDT 86557146 mDNSResponder.exe [1228.1296] ZwDeleteValueKey
SSDT 86556DDE mDNSResponder.exe [1228.1296] ZwEnumerateKey
SSDT 86556EF7 mDNSResponder.exe [1228.1296] ZwEnumerateValueKey
SSDT 88A73C78 mDNSResponder.exe [1228.1296] ZwLoadDriver
SSDT 86556D14 mDNSResponder.exe [1228.1296] ZwOpenKey
SSDT 86556A4E mDNSResponder.exe [1228.1296] ZwOpenProcess
SSDT 86556AD6 mDNSResponder.exe [1228.1296] ZwOpenThread
SSDT 8655738B mDNSResponder.exe [1228.1296] ZwProtectVirtualMemory
SSDT 86557562 mDNSResponder.exe [1228.1296] ZwQueryDirectoryFile
SSDT 865568FB mDNSResponder.exe [1228.1296] ZwQuerySystemInformation
SSDT 8655729F mDNSResponder.exe [1228.1296] ZwReadVirtualMemory
SSDT 88B21980 mDNSResponder.exe [1228.1296] ZwResumeThread
SSDT 86556CA1 mDNSResponder.exe [1228.1296] ZwSetContextThread
SSDT 86557034 mDNSResponder.exe [1228.1296] ZwSetValueKey
SSDT 86554C9F mDNSResponder.exe [1228.1296] ZwShutdownSystem
SSDT 86556C2E mDNSResponder.exe [1228.1296] ZwSuspendThread
SSDT 86556BBB mDNSResponder.exe [1228.1296] ZwTerminateThread
SSDT 86557315 mDNSResponder.exe [1228.1296] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1256:1260] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1256.1260] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1256.1260] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1256.1260] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1256.1260] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1256.1260] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1256.1260] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1256.1260] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1256.1260] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1256.1260] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1256.1260] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1256.1260] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1256.1260] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1256.1260] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1256.1260] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1256.1260] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1256.1260] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1256.1260] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1256.1260] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1256.1260] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1256.1260] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1256:1276] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1256.1276] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1256.1276] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1256.1276] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1256.1276] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1256.1276] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1256.1276] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1256.1276] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1256.1276] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1256.1276] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1256.1276] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1256.1276] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1256.1276] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1256.1276] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1256.1276] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1256.1276] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1256.1276] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1256.1276] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1256.1276] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1256.1276] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1256.1276] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1256:1280] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1256.1280] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1256.1280] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1256.1280] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1256.1280] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1256.1280] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1256.1280] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1256.1280] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1256.1280] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1256.1280] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1256.1280] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1256.1280] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1256.1280] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1256.1280] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1256.1280] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1256.1280] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1256.1280] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1256.1280] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1256.1280] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1256.1280] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1256.1280] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1256:1940] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1256.1940] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1256.1940] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1256.1940] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1256.1940] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1256.1940] ZwEnumerateValueKey
SSDT 86554C9F svchost.exe [1284.5288] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1284.5288] ZwSuspendThread
SSDT 86556BBB svchost.exe [1284.5288] ZwTerminateThread
SSDT 86557315 svchost.exe [1284.5288] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1284.5300] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1284.5300] ZwCreateThread
SSDT 86557146 svchost.exe [1284.5300] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1284.5300] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1284.5300] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1284.5300] ZwLoadDriver
SSDT 86556D14 svchost.exe [1284.5300] ZwOpenKey
SSDT 86556A4E svchost.exe [1284.5300] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1284.5300] ZwOpenThread
SSDT 8655738B svchost.exe [1284.5300] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1284.5300] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1284.5300] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1284.5300] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1284.5300] ZwResumeThread
SSDT 86556CA1 svchost.exe [1284.5300] ZwSetContextThread
SSDT 86557034 svchost.exe [1284.5300] ZwSetValueKey
SSDT 86554C9F svchost.exe [1284.5300] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1284.5300] ZwSuspendThread
SSDT 86556BBB svchost.exe [1284.5300] ZwTerminateThread
SSDT 86557315 svchost.exe [1284.5300] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:1324] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.1324] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.1324] ZwCreateThread
SSDT 86557146 svchost.exe [1320.1324] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.1324] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.1324] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.1324] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.1324] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.1324] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.1324] ZwOpenThread
SSDT 8655738B svchost.exe [1320.1324] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.1324] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.1324] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.1324] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.1324] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.1324] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.1324] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.1324] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.1324] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.1324] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.1324] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:1376] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.1376] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.1376] ZwCreateThread
SSDT 86557146 svchost.exe [1320.1376] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.1376] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.1376] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.1376] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.1376] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.1376] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.1376] ZwOpenThread
SSDT 8655738B svchost.exe [1320.1376] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.1376] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.1376] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.1376] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.1376] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.1376] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.1376] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.1376] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.1376] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.1376] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.1376] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:1384] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.1384] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.1384] ZwCreateThread
SSDT 86557146 svchost.exe [1320.1384] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.1384] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.1384] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.1384] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.1384] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.1384] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.1384] ZwOpenThread
SSDT 8655738B svchost.exe [1320.1384] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.1384] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.1384] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.1384] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.1384] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.1384] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.1384] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.1384] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.1384] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.1384] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.1384] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:1388] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.1388] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.1388] ZwCreateThread
SSDT 86557146 svchost.exe [1320.1388] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.1388] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.1388] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.1388] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.1388] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.1388] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.1388] ZwOpenThread
SSDT 8655738B svchost.exe [1320.1388] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.1388] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.1388] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.1388] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.1388] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.1388] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.1388] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.1388] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.1388] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.1388] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.1388] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:1660] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.1660] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.1660] ZwCreateThread
SSDT 86557146 svchost.exe [1320.1660] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.1660] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.1660] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.1660] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.1660] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.1660] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.1660] ZwOpenThread
SSDT 8655738B svchost.exe [1320.1660] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.1660] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.1660] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.1660] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.1660] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.1660] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.1660] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.1660] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.1660] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.1660] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.1660] ZwWriteVirtualMemory





#6 jnh2opolo5

Posted 25 October 2010 - 06:02 PM

---- Threads - GMER 1.0.15 ----

SSDT 86557562 svchost.exe [1320.2524] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.2524] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.2524] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.2524] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.2524] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.2524] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.2524] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.2524] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.2524] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.2524] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:2528] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.2528] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.2528] ZwCreateThread
SSDT 86557146 svchost.exe [1320.2528] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.2528] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.2528] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.2528] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.2528] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.2528] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.2528] ZwOpenThread
SSDT 8655738B svchost.exe [1320.2528] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.2528] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.2528] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.2528] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.2528] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.2528] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.2528] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.2528] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.2528] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.2528] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.2528] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:2632] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.2632] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.2632] ZwCreateThread
SSDT 86557146 svchost.exe [1320.2632] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.2632] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.2632] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.2632] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.2632] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.2632] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.2632] ZwOpenThread
SSDT 8655738B svchost.exe [1320.2632] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.2632] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.2632] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.2632] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.2632] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.2632] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.2632] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.2632] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.2632] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.2632] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.2632] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:2088] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.2088] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.2088] ZwCreateThread
SSDT 86557146 svchost.exe [1320.2088] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.2088] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.2088] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.2088] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.2088] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.2088] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.2088] ZwOpenThread
SSDT 8655738B svchost.exe [1320.2088] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.2088] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.2088] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.2088] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.2088] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.2088] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.2088] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.2088] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.2088] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.2088] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.2088] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:4416] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.4416] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.4416] ZwCreateThread
SSDT 86557146 svchost.exe [1320.4416] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.4416] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.4416] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.4416] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.4416] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.4416] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.4416] ZwOpenThread
SSDT 8655738B svchost.exe [1320.4416] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.4416] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.4416] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.4416] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.4416] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.4416] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.4416] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.4416] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.4416] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.4416] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.4416] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:4412] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.4412] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.4412] ZwCreateThread
SSDT 86557146 svchost.exe [1320.4412] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.4412] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.4412] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.4412] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.4412] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.4412] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.4412] ZwOpenThread
SSDT 8655738B svchost.exe [1320.4412] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.4412] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.4412] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.4412] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.4412] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.4412] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.4412] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.4412] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.4412] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.4412] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.4412] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:3864] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.3864] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.3864] ZwCreateThread
SSDT 86557146 svchost.exe [1320.3864] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.3864] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.3864] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.3864] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.3864] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.3864] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.3864] ZwOpenThread
SSDT 8655738B svchost.exe [1320.3864] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.3864] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.3864] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.3864] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.3864] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.3864] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.3864] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.3864] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.3864] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.3864] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.3864] ZwWriteVirtualMemory





---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:4004] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.4004] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.4004] ZwCreateThread
SSDT 86557146 svchost.exe [1320.4004] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.4004] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.4004] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.4004] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.4004] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.4004] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.4004] ZwOpenThread
SSDT 8655738B svchost.exe [1320.4004] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.4004] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.4004] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.4004] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.4004] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.4004] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.4004] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.4004] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.4004] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.4004] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.4004] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:3016] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.3016] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.3016] ZwCreateThread
SSDT 86557146 svchost.exe [1320.3016] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.3016] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.3016] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.3016] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.3016] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.3016] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.3016] ZwOpenThread
SSDT 8655738B svchost.exe [1320.3016] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.3016] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.3016] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.3016] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.3016] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.3016] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.3016] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.3016] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.3016] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.3016] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.3016] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1320:2464] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1320.2464] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1320.2464] ZwCreateThread
SSDT 86557146 svchost.exe [1320.2464] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1320.2464] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1320.2464] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1320.2464] ZwLoadDriver
SSDT 86556D14 svchost.exe [1320.2464] ZwOpenKey
SSDT 86556A4E svchost.exe [1320.2464] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1320.2464] ZwOpenThread
SSDT 8655738B svchost.exe [1320.2464] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1320.2464] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1320.2464] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1320.2464] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1320.2464] ZwResumeThread
SSDT 86556CA1 svchost.exe [1320.2464] ZwSetContextThread
SSDT 86557034 svchost.exe [1320.2464] ZwSetValueKey
SSDT 86554C9F svchost.exe [1320.2464] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1320.2464] ZwSuspendThread
SSDT 86556BBB svchost.exe [1320.2464] ZwTerminateThread
SSDT 86557315 svchost.exe [1320.2464] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1356] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1356] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1356] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1356] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1356] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1356] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1356] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1356] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1356] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1356] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1356] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1356] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1356] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1356] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1356] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1356] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1356] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1356] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1356] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1356] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1356] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1364] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1364] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1364] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1364] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1364] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1364] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1364] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1364] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1364] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1364] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1364] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1364] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1364] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1364] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1364] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1364] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1364] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1364] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1364] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1364] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1364] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1368] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1368] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1368] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1368] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1368] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1368] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1368] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1368] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1368] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1368] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1368] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1368] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1368] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1368] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1368] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1368] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1368] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1368] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1368] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1368] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1368] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1456] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1456] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1456] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1456] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1456] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1456] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1456] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1456] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1456] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1456] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1456] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1456] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1456] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1456] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1456] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1456] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1456] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1456] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1456] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1456] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1456] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1576] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1576] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1576] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1576] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1576] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1576] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1576] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1576] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1576] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1576] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1576] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1576] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1576] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1576] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1576] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1576] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1576] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1576] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1576] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1576] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1576] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1584] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1584] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1584] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1584] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1584] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1584] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1584] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1584] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1584] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1584] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1584] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1584] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1584] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1584] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1584] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1584] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1584] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1584] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1584] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1584] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1584] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1652] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1652] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1652] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1652] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1652] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1652] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1652] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1652] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1652] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1652] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1652] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1652] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1652] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1652] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1652] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1652] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1652] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1652] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1652] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1652] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1652] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1740] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1740] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1740] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1740] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1740] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1740] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1740] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1740] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1740] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1740] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1740] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1740] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1740] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1740] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1740] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1740] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1740] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1740] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1740] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1740] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1740] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1352.1788] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1788] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1788] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1788] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1788] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1788] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1788] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1788] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1788] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1788] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1788] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1788] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1788] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1788] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1788] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1788] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1788] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1788] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1788] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1788] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1920] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1920] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1920] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1920] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1920] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1920] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1920] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1920] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1920] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1920] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1920] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1920] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1920] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1920] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1920] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1920] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1920] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1920] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1920] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1920] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1920] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1352.1924] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1924] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1924] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1924] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1924] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1924] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1924] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1924] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1924] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1924] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1924] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1924] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1924] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1924] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1924] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1924] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1924] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1924] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1924] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1924] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1352.1928] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1928] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1928] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1928] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1928] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1928] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1928] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1928] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1928] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1928] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1928] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1928] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1928] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1928] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1928] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1928] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1928] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1928] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1928] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1928] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1352.1932] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1932] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1932] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1932] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1932] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1932] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1932] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1932] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1932] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1932] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1932] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1932] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1932] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1932] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1932] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1932] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1932] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1932] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1932] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1932] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1992] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1992] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.1992] ZwCreateThread
SSDT 86557146 svchost.exe [1352.1992] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.1992] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.1992] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.1992] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.1992] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.1992] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.1992] ZwOpenThread
SSDT 8655738B svchost.exe [1352.1992] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.1992] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.1992] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.1992] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.1992] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.1992] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.1992] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.1992] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.1992] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.1992] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.1992] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1352:1996] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.1996] ZwAlpcConnectPort

Thread svchost.exe [1352:9196] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1352.9196] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1352.9196] ZwCreateThread
SSDT 86557146 svchost.exe [1352.9196] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1352.9196] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1352.9196] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1352.9196] ZwLoadDriver
SSDT 86556D14 svchost.exe [1352.9196] ZwOpenKey
SSDT 86556A4E svchost.exe [1352.9196] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1352.9196] ZwOpenThread
SSDT 8655738B svchost.exe [1352.9196] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1352.9196] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1352.9196] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1352.9196] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1352.9196] ZwResumeThread
SSDT 86556CA1 svchost.exe [1352.9196] ZwSetContextThread
SSDT 86557034 svchost.exe [1352.9196] ZwSetValueKey
SSDT 86554C9F svchost.exe [1352.9196] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1352.9196] ZwSuspendThread
SSDT 86556BBB svchost.exe [1352.9196] ZwTerminateThread
SSDT 86557315 svchost.exe [1352.9196] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread audiodg.exe [1424:1428] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 audiodg.exe [1424.1428] ZwAlpcConnectPort
SSDT 88B892D0 audiodg.exe [1424.1428] ZwCreateThread
SSDT 86557146 audiodg.exe [1424.1428] ZwDeleteValueKey
SSDT 86556DDE audiodg.exe [1424.1428] ZwEnumerateKey
SSDT 86556EF7 audiodg.exe [1424.1428] ZwEnumerateValueKey
SSDT 88A73C78 audiodg.exe [1424.1428] ZwLoadDriver
SSDT 86556D14 audiodg.exe [1424.1428] ZwOpenKey
SSDT 86556A4E audiodg.exe [1424.1428] ZwOpenProcess
SSDT 86556AD6 audiodg.exe [1424.1428] ZwOpenThread
SSDT 8655738B audiodg.exe [1424.1428] ZwProtectVirtualMemory
SSDT 86557562 audiodg.exe [1424.1428] ZwQueryDirectoryFile
SSDT 865568FB audiodg.exe [1424.1428] ZwQuerySystemInformation
SSDT 8655729F audiodg.exe [1424.1428] ZwReadVirtualMemory
SSDT 88B21980 audiodg.exe [1424.1428] ZwResumeThread
SSDT 86556CA1 audiodg.exe [1424.1428] ZwSetContextThread
SSDT 86557034 audiodg.exe [1424.1428] ZwSetValueKey
SSDT 86554C9F audiodg.exe [1424.1428] ZwShutdownSystem
SSDT 86556C2E audiodg.exe [1424.1428] ZwSuspendThread
SSDT 86556BBB audiodg.exe [1424.1428] ZwTerminateThread
SSDT 86557315 audiodg.exe [1424.1428] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread audiodg.exe [1424:1848] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 audiodg.exe [1424.1848] ZwAlpcConnectPort
SSDT 88B892D0 audiodg.exe [1424.1848] ZwCreateThread
SSDT 86557146 audiodg.exe [1424.1848] ZwDeleteValueKey
SSDT 86556DDE audiodg.exe [1424.1848] ZwEnumerateKey
SSDT 86556EF7 audiodg.exe [1424.1848] ZwEnumerateValueKey
SSDT 88A73C78 audiodg.exe [1424.1848] ZwLoadDriver
SSDT 86556D14 audiodg.exe [1424.1848] ZwOpenKey
SSDT 86556A4E audiodg.exe [1424.1848] ZwOpenProcess
SSDT 86556AD6 audiodg.exe [1424.1848] ZwOpenThread
SSDT 8655738B audiodg.exe [1424.1848] ZwProtectVirtualMemory
SSDT 86557562 audiodg.exe [1424.1848] ZwQueryDirectoryFile
SSDT 865568FB audiodg.exe [1424.1848] ZwQuerySystemInformation
SSDT 8655729F audiodg.exe [1424.1848] ZwReadVirtualMemory
SSDT 88B21980 audiodg.exe [1424.1848] ZwResumeThread
SSDT 86556CA1 audiodg.exe [1424.1848] ZwSetContextThread
SSDT 86557034 audiodg.exe [1424.1848] ZwSetValueKey
SSDT 86554C9F audiodg.exe [1424.1848] ZwShutdownSystem
SSDT 86556C2E audiodg.exe [1424.1848] ZwSuspendThread
SSDT 86556BBB audiodg.exe [1424.1848] ZwTerminateThread
SSDT 86557315 audiodg.exe [1424.1848] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread audiodg.exe [1424:4168] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 audiodg.exe [1424.4168] ZwAlpcConnectPort
SSDT 88B892D0 audiodg.exe [1424.4168] ZwCreateThread
SSDT 86557146 audiodg.exe [1424.4168] ZwDeleteValueKey
SSDT 86556DDE audiodg.exe [1424.4168] ZwEnumerateKey
SSDT 86556EF7 audiodg.exe [1424.4168] ZwEnumerateValueKey
SSDT 88A73C78 audiodg.exe [1424.4168] ZwLoadDriver
SSDT 86556D14 audiodg.exe [1424.4168] ZwOpenKey
SSDT 86556A4E audiodg.exe [1424.4168] ZwOpenProcess
SSDT 86556AD6 audiodg.exe [1424.4168] ZwOpenThread
SSDT 8655738B audiodg.exe [1424.4168] ZwProtectVirtualMemory
SSDT 86557562 audiodg.exe [1424.4168] ZwQueryDirectoryFile
SSDT 865568FB audiodg.exe [1424.4168] ZwQuerySystemInformation
SSDT 8655729F audiodg.exe [1424.4168] ZwReadVirtualMemory
SSDT 88B21980 audiodg.exe [1424.4168] ZwResumeThread
SSDT 86556CA1 audiodg.exe [1424.4168] ZwSetContextThread
SSDT 86557034 audiodg.exe [1424.4168] ZwSetValueKey
SSDT 86554C9F audiodg.exe [1424.4168] ZwShutdownSystem
SSDT 86556C2E audiodg.exe [1424.4168] ZwSuspendThread
SSDT 86556BBB audiodg.exe [1424.4168] ZwTerminateThread
SSDT 86557315 audiodg.exe [1424.4168] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1440:1444] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1440.1444] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1440.1444] ZwCreateThread
SSDT 86557146 svchost.exe [1440.1444] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1440.1444] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1440.1444] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1440.1444] ZwLoadDriver
SSDT 86556D14 svchost.exe [1440.1444] ZwOpenKey
SSDT 86556A4E svchost.exe [1440.1444] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1440.1444] ZwOpenThread
SSDT 8655738B svchost.exe [1440.1444] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1440.1444] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1440.1444] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1440.1444] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1440.1444] ZwResumeThread
SSDT 86556CA1 svchost.exe [1440.1444] ZwSetContextThread
SSDT 86557034 svchost.exe [1440.1444] ZwSetValueKey
SSDT 86554C9F svchost.exe [1440.1444] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1440.1444] ZwSuspendThread
SSDT 86556BBB svchost.exe [1440.1444] ZwTerminateThread
SSDT 86557315 svchost.exe [1440.1444] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1440:1464] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1440.1464] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1440.1464] ZwCreateThread
SSDT 86557146 svchost.exe [1440.1464] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1440.1464] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1440.1464] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1440.1464] ZwLoadDriver
SSDT 86556D14 svchost.exe [1440.1464] ZwOpenKey
SSDT 86556A4E svchost.exe [1440.1464] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1440.1464] ZwOpenThread
SSDT 8655738B svchost.exe [1440.1464] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1440.1464] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1440.1464] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1440.1464] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1440.1464] ZwResumeThread
SSDT 86556CA1 svchost.exe [1440.1464] ZwSetContextThread
SSDT 86557034 svchost.exe [1440.1464] ZwSetValueKey
SSDT 86554C9F svchost.exe [1440.1464] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1440.1464] ZwSuspendThread
SSDT 86556BBB svchost.exe [1440.1464] ZwTerminateThread
SSDT 86557315 svchost.exe [1440.1464] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1440:1812] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1440.1812] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1440.1812] ZwCreateThread
SSDT 86557146 svchost.exe [1440.1812] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1440.1812] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1440.1812] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1440.1812] ZwLoadDriver
SSDT 86556D14 svchost.exe [1440.1812] ZwOpenKey
SSDT 86556A4E svchost.exe [1440.1812] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1440.1812] ZwOpenThread
SSDT 8655738B svchost.exe [1440.1812] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1440.1812] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1440.1812] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1440.1812] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1440.1812] ZwResumeThread
SSDT 86556CA1 svchost.exe [1440.1812] ZwSetContextThread
SSDT 86557034 svchost.exe [1440.1812] ZwSetValueKey
SSDT 86554C9F svchost.exe [1440.1812] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1440.1812] ZwSuspendThread
SSDT 86556BBB svchost.exe [1440.1812] ZwTerminateThread
SSDT 86557315 svchost.exe [1440.1812] ZwWriteVirtualMemory





#7 jnh2opolo5

Posted 25 October 2010 - 06:03 PM

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1440:3108] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1440.3108] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1440.3108] ZwCreateThread
SSDT 86557146 svchost.exe [1440.3108] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1440.3108] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1440.3108] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1440.3108] ZwLoadDriver
SSDT 86556D14 svchost.exe [1440.3108] ZwOpenKey
SSDT 86556A4E svchost.exe [1440.3108] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1440.3108] ZwOpenThread
SSDT 8655738B svchost.exe [1440.3108] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1440.3108] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1440.3108] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1440.3108] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1440.3108] ZwResumeThread
SSDT 86556CA1 svchost.exe [1440.3108] ZwSetContextThread
SSDT 86557034 svchost.exe [1440.3108] ZwSetValueKey
SSDT 86554C9F svchost.exe [1440.3108] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1440.3108] ZwSuspendThread
SSDT 86556BBB svchost.exe [1440.3108] ZwTerminateThread
SSDT 86557315 svchost.exe [1440.3108] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1440:10152] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1440.10152] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1440.10152] ZwCreateThread
SSDT 86557146 svchost.exe [1440.10152] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1440.10152] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1440.10152] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1440.10152] ZwLoadDriver
SSDT 86556D14 svchost.exe [1440.10152] ZwOpenKey
SSDT 86556A4E svchost.exe [1440.10152] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1440.10152] ZwOpenThread
SSDT 8655738B svchost.exe [1440.10152] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1440.10152] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1440.10152] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1440.10152] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1440.10152] ZwResumeThread
SSDT 86556CA1 svchost.exe [1440.10152] ZwSetContextThread
SSDT 86557034 svchost.exe [1440.10152] ZwSetValueKey
SSDT 86554C9F svchost.exe [1440.10152] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1440.10152] ZwSuspendThread
SSDT 86556BBB svchost.exe [1440.10152] ZwTerminateThread
SSDT 86557315 svchost.exe [1440.10152] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1468:1220] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1468.1220] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1468.1220] ZwCreateThread
SSDT 86557146 svchost.exe [1468.1220] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1468.1220] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1468.1220] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1468.1220] ZwLoadDriver
SSDT 86556D14 svchost.exe [1468.1220] ZwOpenKey
SSDT 86556A4E svchost.exe [1468.1220] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1468.1220] ZwOpenThread
SSDT 8655738B svchost.exe [1468.1220] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1468.1220] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1468.1220] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1468.1220] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1468.1220] ZwResumeThread
SSDT 86556CA1 svchost.exe [1468.1220] ZwSetContextThread
SSDT 86557034 svchost.exe [1468.1220] ZwSetValueKey
SSDT 86554C9F svchost.exe [1468.1220] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1468.1220] ZwSuspendThread
SSDT 86556BBB svchost.exe [1468.1220] ZwTerminateThread
SSDT 86557315 svchost.exe [1468.1220] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1468.1580] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1468.1580] ZwCreateThread
SSDT 86557146 svchost.exe [1468.1580] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1468.1580] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1468.1580] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1468.1580] ZwLoadDriver
SSDT 86556D14 svchost.exe [1468.1580] ZwOpenKey
SSDT 86556A4E svchost.exe [1468.1580] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1468.1580] ZwOpenThread
SSDT 8655738B svchost.exe [1468.1580] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1468.1580] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1468.1580] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1468.1580] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1468.1580] ZwResumeThread
SSDT 86556CA1 svchost.exe [1468.1580] ZwSetContextThread
SSDT 86557034 svchost.exe [1468.1580] ZwSetValueKey
SSDT 86554C9F svchost.exe [1468.1580] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1468.1580] ZwSuspendThread
SSDT 86556BBB svchost.exe [1468.1580] ZwTerminateThread
SSDT 86557315 svchost.exe [1468.1580] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1468.988] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1468.988] ZwCreateThread
SSDT 86557146 svchost.exe [1468.988] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1468.988] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1468.988] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1468.988] ZwLoadDriver
SSDT 86556D14 svchost.exe [1468.988] ZwOpenKey
SSDT 86556A4E svchost.exe [1468.988] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1468.988] ZwOpenThread
SSDT 8655738B svchost.exe [1468.988] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1468.988] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1468.988] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1468.988] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1468.988] ZwResumeThread
SSDT 86556CA1 svchost.exe [1468.988] ZwSetContextThread
SSDT 86557034 svchost.exe [1468.988] ZwSetValueKey
SSDT 86554C9F svchost.exe [1468.988] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1468.988] ZwSuspendThread
SSDT 86556BBB svchost.exe [1468.988] ZwTerminateThread
SSDT 86557315 svchost.exe [1468.988] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1468:2052] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1468.2052] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1468.2052] ZwCreateThread
SSDT 86557146 svchost.exe [1468.2052] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1468.2052] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1468.2052] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1468.2052] ZwLoadDriver
SSDT 86556D14 svchost.exe [1468.2052] ZwOpenKey
SSDT 86556A4E svchost.exe [1468.2052] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1468.2052] ZwOpenThread
SSDT 8655738B svchost.exe [1468.2052] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1468.2052] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1468.2052] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1468.2052] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1468.2052] ZwResumeThread
SSDT 86556CA1 svchost.exe [1468.2052] ZwSetContextThread
SSDT 86557034 svchost.exe [1468.2052] ZwSetValueKey
SSDT 86554C9F svchost.exe [1468.2052] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1468.2052] ZwSuspendThread
SSDT 86556BBB svchost.exe [1468.2052] ZwTerminateThread
SSDT 86557315 svchost.exe [1468.2052] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1468:3152] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1468.3152] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1468.3152] ZwCreateThread
SSDT 86557146 svchost.exe [1468.3152] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1468.3152] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1468.3152] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1468.3152] ZwLoadDriver
SSDT 86556D14 svchost.exe [1468.3152] ZwOpenKey
SSDT 86556A4E svchost.exe [1468.3152] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1468.3152] ZwOpenThread
SSDT 8655738B svchost.exe [1468.3152] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1468.3152] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1468.3152] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1468.3152] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1468.3152] ZwResumeThread
SSDT 86556CA1 svchost.exe [1468.3152] ZwSetContextThread
SSDT 86557034 svchost.exe [1468.3152] ZwSetValueKey
SSDT 86554C9F svchost.exe [1468.3152] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1468.3152] ZwSuspendThread
SSDT 86556BBB svchost.exe [1468.3152] ZwTerminateThread
SSDT 86557315 svchost.exe [1468.3152] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SLsvc.exe [1564:1568] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 SLsvc.exe [1564.1568] ZwAlpcConnectPort
SSDT 88B892D0 SLsvc.exe [1564.1568] ZwCreateThread
SSDT 86557146 SLsvc.exe [1564.1568] ZwDeleteValueKey
SSDT 86556DDE SLsvc.exe [1564.1568] ZwEnumerateKey
SSDT 86556EF7 SLsvc.exe [1564.1568] ZwEnumerateValueKey
SSDT 88A73C78 SLsvc.exe [1564.1568] ZwLoadDriver
SSDT 86556D14 SLsvc.exe [1564.1568] ZwOpenKey
SSDT 86556A4E SLsvc.exe [1564.1568] ZwOpenProcess
SSDT 86556AD6 SLsvc.exe [1564.1568] ZwOpenThread
SSDT 8655738B SLsvc.exe [1564.1568] ZwProtectVirtualMemory
SSDT 86557562 SLsvc.exe [1564.1568] ZwQueryDirectoryFile
SSDT 865568FB SLsvc.exe [1564.1568] ZwQuerySystemInformation
SSDT 8655729F SLsvc.exe [1564.1568] ZwReadVirtualMemory
SSDT 88B21980 SLsvc.exe [1564.1568] ZwResumeThread
SSDT 86556CA1 SLsvc.exe [1564.1568] ZwSetContextThread
SSDT 86557034 SLsvc.exe [1564.1568] ZwSetValueKey
SSDT 86554C9F SLsvc.exe [1564.1568] ZwShutdownSystem
SSDT 86556C2E SLsvc.exe [1564.1568] ZwSuspendThread
SSDT 86556BBB SLsvc.exe [1564.1568] ZwTerminateThread
SSDT 86557315 SLsvc.exe [1564.1568] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SLsvc.exe [1564:1588] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SLsvc.exe [1564.1588] ZwAlpcConnectPort
SSDT 88B892D0 SLsvc.exe [1564.1588] ZwCreateThread
SSDT 86557146 SLsvc.exe [1564.1588] ZwDeleteValueKey
SSDT 86556DDE SLsvc.exe [1564.1588] ZwEnumerateKey
SSDT 86556EF7 SLsvc.exe [1564.1588] ZwEnumerateValueKey
SSDT 88A73C78 SLsvc.exe [1564.1588] ZwLoadDriver
SSDT 86556D14 SLsvc.exe [1564.1588] ZwOpenKey
SSDT 86556A4E SLsvc.exe [1564.1588] ZwOpenProcess
SSDT 86556AD6 SLsvc.exe [1564.1588] ZwOpenThread
SSDT 8655738B SLsvc.exe [1564.1588] ZwProtectVirtualMemory
SSDT 86557562 SLsvc.exe [1564.1588] ZwQueryDirectoryFile
SSDT 865568FB SLsvc.exe [1564.1588] ZwQuerySystemInformation
SSDT 8655729F SLsvc.exe [1564.1588] ZwReadVirtualMemory
SSDT 88B21980 SLsvc.exe [1564.1588] ZwResumeThread
SSDT 86556CA1 SLsvc.exe [1564.1588] ZwSetContextThread
SSDT 86557034 SLsvc.exe [1564.1588] ZwSetValueKey
SSDT 86554C9F SLsvc.exe [1564.1588] ZwShutdownSystem
SSDT 86556C2E SLsvc.exe [1564.1588] ZwSuspendThread
SSDT 86556BBB SLsvc.exe [1564.1588] ZwTerminateThread
SSDT 86557315 SLsvc.exe [1564.1588] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SLsvc.exe [1564:1600] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SLsvc.exe [1564.1600] ZwAlpcConnectPort
SSDT 88B892D0 SLsvc.exe [1564.1600] ZwCreateThread
SSDT 86557146 SLsvc.exe [1564.1600] ZwDeleteValueKey
SSDT 86556DDE SLsvc.exe [1564.1600] ZwEnumerateKey
SSDT 86556EF7 SLsvc.exe [1564.1600] ZwEnumerateValueKey
SSDT 88A73C78 SLsvc.exe [1564.1600] ZwLoadDriver
SSDT 86556D14 SLsvc.exe [1564.1600] ZwOpenKey
SSDT 86556A4E SLsvc.exe [1564.1600] ZwOpenProcess
SSDT 86556AD6 SLsvc.exe [1564.1600] ZwOpenThread
SSDT 8655738B SLsvc.exe [1564.1600] ZwProtectVirtualMemory
SSDT 86557562 SLsvc.exe [1564.1600] ZwQueryDirectoryFile
SSDT 865568FB SLsvc.exe [1564.1600] ZwQuerySystemInformation
SSDT 8655729F SLsvc.exe [1564.1600] ZwReadVirtualMemory
SSDT 88B21980 SLsvc.exe [1564.1600] ZwResumeThread
SSDT 86556CA1 SLsvc.exe [1564.1600] ZwSetContextThread
SSDT 86557034 SLsvc.exe [1564.1600] ZwSetValueKey
SSDT 86554C9F SLsvc.exe [1564.1600] ZwShutdownSystem
SSDT 86556C2E SLsvc.exe [1564.1600] ZwSuspendThread
SSDT 86556BBB SLsvc.exe [1564.1600] ZwTerminateThread
SSDT 86557315 SLsvc.exe [1564.1600] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SLsvc.exe [1564:1608] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SLsvc.exe [1564.1608] ZwAlpcConnectPort
SSDT 88B892D0 SLsvc.exe [1564.1608] ZwCreateThread
SSDT 86557146 SLsvc.exe [1564.1608] ZwDeleteValueKey
SSDT 86556DDE SLsvc.exe [1564.1608] ZwEnumerateKey
SSDT 86556EF7 SLsvc.exe [1564.1608] ZwEnumerateValueKey
SSDT 88A73C78 SLsvc.exe [1564.1608] ZwLoadDriver
SSDT 86556D14 SLsvc.exe [1564.1608] ZwOpenKey
SSDT 86556A4E SLsvc.exe [1564.1608] ZwOpenProcess
SSDT 86556AD6 SLsvc.exe [1564.1608] ZwOpenThread
SSDT 8655738B SLsvc.exe [1564.1608] ZwProtectVirtualMemory
SSDT 86557562 SLsvc.exe [1564.1608] ZwQueryDirectoryFile
SSDT 865568FB SLsvc.exe [1564.1608] ZwQuerySystemInformation
SSDT 8655729F SLsvc.exe [1564.1608] ZwReadVirtualMemory
SSDT 88B21980 SLsvc.exe [1564.1608] ZwResumeThread
SSDT 86556CA1 SLsvc.exe [1564.1608] ZwSetContextThread
SSDT 86557034 SLsvc.exe [1564.1608] ZwSetValueKey
SSDT 86554C9F SLsvc.exe [1564.1608] ZwShutdownSystem
SSDT 86556C2E SLsvc.exe [1564.1608] ZwSuspendThread
SSDT 86556BBB SLsvc.exe [1564.1608] ZwTerminateThread
SSDT 86557315 SLsvc.exe [1564.1608] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1592:1596] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1592.1596] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.1596] ZwCreateThread
SSDT 86557146 svchost.exe [1592.1596] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.1596] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.1596] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.1596] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.1596] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.1596] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.1596] ZwOpenThread
SSDT 8655738B svchost.exe [1592.1596] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.1596] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1592.1596] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1592.1596] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1592.1596] ZwResumeThread
SSDT 86556CA1 svchost.exe [1592.1596] ZwSetContextThread
SSDT 86557034 svchost.exe [1592.1596] ZwSetValueKey
SSDT 86554C9F svchost.exe [1592.1596] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1592.1596] ZwSuspendThread
SSDT 86556BBB svchost.exe [1592.1596] ZwTerminateThread
SSDT 86557315 svchost.exe [1592.1596] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1592:1620] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1592.1620] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.1620] ZwCreateThread
SSDT 86557146 svchost.exe [1592.1620] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.1620] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.1620] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.1620] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.1620] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.1620] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.1620] ZwOpenThread
SSDT 8655738B svchost.exe [1592.1620] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.1620] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1592.1620] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1592.1620] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1592.1620] ZwResumeThread
SSDT 86556CA1 svchost.exe [1592.1620] ZwSetContextThread
SSDT 86557034 svchost.exe [1592.1620] ZwSetValueKey
SSDT 86554C9F svchost.exe [1592.1620] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1592.1620] ZwSuspendThread
SSDT 86556BBB svchost.exe [1592.1620] ZwTerminateThread
SSDT 86557315 svchost.exe [1592.1620] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1592:1636] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1592.1636] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.1636] ZwCreateThread
SSDT 86557146 svchost.exe [1592.1636] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.1636] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.1636] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.1636] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.1636] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.1636] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.1636] ZwOpenThread
SSDT 8655738B svchost.exe [1592.1636] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.1636] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1592.1636] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1592.1636] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1592.1636] ZwResumeThread
SSDT 86556CA1 svchost.exe [1592.1636] ZwSetContextThread
SSDT 86557034 svchost.exe [1592.1636] ZwSetValueKey
SSDT 86554C9F svchost.exe [1592.1636] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1592.1636] ZwSuspendThread
SSDT 86556BBB svchost.exe [1592.1636] ZwTerminateThread
SSDT 86557315 svchost.exe [1592.1636] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1592:1640] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1592.1640] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.1640] ZwCreateThread
SSDT 86557146 svchost.exe [1592.1640] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.1640] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.1640] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.1640] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.1640] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.1640] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.1640] ZwOpenThread
SSDT 8655738B svchost.exe [1592.1640] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.1640] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1592.1640] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1592.1640] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1592.1640] ZwResumeThread
SSDT 86556CA1 svchost.exe [1592.1640] ZwSetContextThread
SSDT 86557034 svchost.exe [1592.1640] ZwSetValueKey
SSDT 86554C9F svchost.exe [1592.1640] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1592.1640] ZwSuspendThread
SSDT 86556BBB svchost.exe [1592.1640] ZwTerminateThread
SSDT 86557315 svchost.exe [1592.1640] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1592.1648] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.1648] ZwCreateThread
SSDT 86557146 svchost.exe [1592.1648] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.1648] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.1648] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.1648] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.1648] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.1648] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.1648] ZwOpenThread
SSDT 8655738B svchost.exe [1592.1648] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.1648] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1592.1648] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1592.1648] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1592.1648] ZwResumeThread
SSDT 86556CA1 svchost.exe [1592.1648] ZwSetContextThread
SSDT 86557034 svchost.exe [1592.1648] ZwSetValueKey
SSDT 86554C9F svchost.exe [1592.1648] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1592.1648] ZwSuspendThread
SSDT 86556BBB svchost.exe [1592.1648] ZwTerminateThread
SSDT 86557315 svchost.exe [1592.1648] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1592:412] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1592.412] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1592.412] ZwCreateThread
SSDT 86557146 svchost.exe [1592.412] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1592.412] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1592.412] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1592.412] ZwLoadDriver
SSDT 86556D14 svchost.exe [1592.412] ZwOpenKey
SSDT 86556A4E svchost.exe [1592.412] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1592.412] ZwOpenThread
SSDT 8655738B svchost.exe [1592.412] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1592.412] ZwQueryDirectoryFile

#8 jnh2opolo5

Posted 25 October 2010 - 06:05 PM

---- Threads - GMER 1.0.15 ----

SSDT 86556EF7 svchost.exe [1696.2472] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2472] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2472] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2472] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2472] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2472] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2472] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2472] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2472] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2472] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2472] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2472] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2472] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2472] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2472] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2472] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2560] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2560] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2560] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2560] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2560] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2560] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2560] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2560] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2560] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2560] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2560] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2560] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2560] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2560] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2560] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2560] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2560] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2560] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2560] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2560] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2560] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2572] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2572] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2572] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2572] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2572] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2572] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2572] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2572] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2572] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2572] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2572] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2572] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2572] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2572] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2572] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2572] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2572] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2572] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2572] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2572] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2572] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2576] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2576] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2576] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2576] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2576] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2576] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2576] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2576] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2576] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2576] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2576] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2576] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2576] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2576] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2576] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2576] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2576] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2576] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2576] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2576] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2576] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2580] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2580] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2580] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2580] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2580] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2580] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2580] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2580] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2580] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2580] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2580] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2580] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2580] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2580] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2580] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2580] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2580] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2580] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2580] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2580] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2580] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2584] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2584] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2584] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2584] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2584] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2584] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2584] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2584] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2584] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2584] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2584] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2584] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2584] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2584] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2584] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2584] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2584] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2584] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2584] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2584] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2584] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:2588] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.2588] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2588] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2588] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2588] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2588] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2588] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2588] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2588] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2588] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2588] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2588] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2588] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2588] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2588] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2588] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2588] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2588] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2588] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2588] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2588] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:3496] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.3496] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.3496] ZwCreateThread
SSDT 86557146 svchost.exe [1696.3496] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.3496] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.3496] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.3496] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.3496] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.3496] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.3496] ZwOpenThread
SSDT 8655738B svchost.exe [1696.3496] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.3496] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.3496] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.3496] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.3496] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.3496] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.3496] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.3496] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.3496] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.3496] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.3496] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:4992] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.4992] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.4992] ZwCreateThread
SSDT 86557146 svchost.exe [1696.4992] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.4992] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.4992] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.4992] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.4992] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.4992] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.4992] ZwOpenThread
SSDT 8655738B svchost.exe [1696.4992] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.4992] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.4992] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.4992] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.4992] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.4992] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.4992] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.4992] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.4992] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.4992] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.4992] ZwWriteVirtualMemory
SSDT 88A73ED8 svchost.exe [1696.2752] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.2752] ZwCreateThread
SSDT 86557146 svchost.exe [1696.2752] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.2752] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.2752] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.2752] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.2752] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.2752] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.2752] ZwOpenThread
SSDT 8655738B svchost.exe [1696.2752] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.2752] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.2752] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.2752] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.2752] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.2752] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.2752] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.2752] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.2752] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.2752] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.2752] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:4748] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.4748] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.4748] ZwCreateThread
SSDT 86557146 svchost.exe [1696.4748] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.4748] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.4748] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.4748] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.4748] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.4748] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.4748] ZwOpenThread
SSDT 8655738B svchost.exe [1696.4748] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.4748] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.4748] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.4748] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.4748] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.4748] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.4748] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.4748] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.4748] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.4748] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.4748] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:10128] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.10128] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.10128] ZwCreateThread
SSDT 86557146 svchost.exe [1696.10128] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.10128] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.10128] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.10128] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.10128] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.10128] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.10128] ZwOpenThread
SSDT 8655738B svchost.exe [1696.10128] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.10128] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.10128] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.10128] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.10128] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.10128] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.10128] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.10128] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.10128] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.10128] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.10128] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1696:9696] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [1696.9696] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [1696.9696] ZwCreateThread
SSDT 86557146 svchost.exe [1696.9696] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [1696.9696] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [1696.9696] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [1696.9696] ZwLoadDriver
SSDT 86556D14 svchost.exe [1696.9696] ZwOpenKey
SSDT 86556A4E svchost.exe [1696.9696] ZwOpenProcess
SSDT 86556AD6 svchost.exe [1696.9696] ZwOpenThread
SSDT 8655738B svchost.exe [1696.9696] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [1696.9696] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [1696.9696] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [1696.9696] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [1696.9696] ZwResumeThread
SSDT 86556CA1 svchost.exe [1696.9696] ZwSetContextThread
SSDT 86557034 svchost.exe [1696.9696] ZwSetValueKey
SSDT 86554C9F svchost.exe [1696.9696] ZwShutdownSystem
SSDT 86556C2E svchost.exe [1696.9696] ZwSuspendThread
SSDT 86556BBB svchost.exe [1696.9696] ZwTerminateThread
SSDT 86557315 svchost.exe [1696.9696] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:1836] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.1836] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.1836] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.1836] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.1836] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.1836] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.1836] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.1836] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.1836] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.1836] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.1836] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.1836] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.1836] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.1836] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.1836] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.1836] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.1836] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.1836] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.1836] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.1836] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.1836] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:1948] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.1948] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.1948] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.1948] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.1948] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.1948] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.1948] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.1948] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.1948] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.1948] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.1948] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.1948] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.1948] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.1948] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.1948] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.1948] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.1948] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.1948] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.1948] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.1948] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.1948] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:1952] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.1952] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.1952] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.1952] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.1952] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.1952] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.1952] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.1952] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.1952] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.1952] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.1952] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.1952] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.1952] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.1952] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.1952] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.1952] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.1952] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.1952] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.1952] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.1952] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.1952] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:1956] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.1956] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.1956] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.1956] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.1956] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.1956] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.1956] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.1956] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.1956] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.1956] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.1956] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.1956] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.1956] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.1956] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.1956] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.1956] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.1956] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.1956] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.1956] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.1956] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.1956] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:1984] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.1984] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.1984] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.1984] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.1984] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.1984] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.1984] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.1984] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.1984] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.1984] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.1984] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.1984] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.1984] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.1984] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.1984] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.1984] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.1984] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.1984] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.1984] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.1984] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.1984] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread Ati2evxx.exe [1832:2244] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 Ati2evxx.exe [1832.2244] ZwAlpcConnectPort
SSDT 88B892D0 Ati2evxx.exe [1832.2244] ZwCreateThread
SSDT 86557146 Ati2evxx.exe [1832.2244] ZwDeleteValueKey
SSDT 86556DDE Ati2evxx.exe [1832.2244] ZwEnumerateKey
SSDT 86556EF7 Ati2evxx.exe [1832.2244] ZwEnumerateValueKey
SSDT 88A73C78 Ati2evxx.exe [1832.2244] ZwLoadDriver
SSDT 86556D14 Ati2evxx.exe [1832.2244] ZwOpenKey
SSDT 86556A4E Ati2evxx.exe [1832.2244] ZwOpenProcess
SSDT 86556AD6 Ati2evxx.exe [1832.2244] ZwOpenThread
SSDT 8655738B Ati2evxx.exe [1832.2244] ZwProtectVirtualMemory
SSDT 86557562 Ati2evxx.exe [1832.2244] ZwQueryDirectoryFile
SSDT 865568FB Ati2evxx.exe [1832.2244] ZwQuerySystemInformation
SSDT 8655729F Ati2evxx.exe [1832.2244] ZwReadVirtualMemory
SSDT 88B21980 Ati2evxx.exe [1832.2244] ZwResumeThread
SSDT 86556CA1 Ati2evxx.exe [1832.2244] ZwSetContextThread
SSDT 86557034 Ati2evxx.exe [1832.2244] ZwSetValueKey
SSDT 86554C9F Ati2evxx.exe [1832.2244] ZwShutdownSystem
SSDT 86556C2E Ati2evxx.exe [1832.2244] ZwSuspendThread
SSDT 86556BBB Ati2evxx.exe [1832.2244] ZwTerminateThread
SSDT 86557315 Ati2evxx.exe [1832.2244] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ehmsas.exe [1844:1852] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 ehmsas.exe [1844.1852] ZwAlpcConnectPort
SSDT 88B892D0 ehmsas.exe [1844.1852] ZwCreateThread
SSDT 86557146 ehmsas.exe [1844.1852] ZwDeleteValueKey
SSDT 86556DDE ehmsas.exe [1844.1852] ZwEnumerateKey
SSDT 86556EF7 ehmsas.exe [1844.1852] ZwEnumerateValueKey
SSDT 88A73C78 ehmsas.exe [1844.1852] ZwLoadDriver
SSDT 86556D14 ehmsas.exe [1844.1852] ZwOpenKey
SSDT 86556A4E ehmsas.exe [1844.1852] ZwOpenProcess
SSDT 86556AD6 ehmsas.exe [1844.1852] ZwOpenThread
SSDT 8655738B ehmsas.exe [1844.1852] ZwProtectVirtualMemory
SSDT 86557562 ehmsas.exe [1844.1852] ZwQueryDirectoryFile
SSDT 865568FB ehmsas.exe [1844.1852] ZwQuerySystemInformation
SSDT 8655729F ehmsas.exe [1844.1852] ZwReadVirtualMemory
SSDT 88B21980 ehmsas.exe [1844.1852] ZwResumeThread
SSDT 86556CA1 ehmsas.exe [1844.1852] ZwSetContextThread
SSDT 86557034 ehmsas.exe [1844.1852] ZwSetValueKey
SSDT 86554C9F ehmsas.exe [1844.1852] ZwShutdownSystem
SSDT 86556C2E ehmsas.exe [1844.1852] ZwSuspendThread
SSDT 86556BBB ehmsas.exe [1844.1852] ZwTerminateThread
SSDT 86557315 ehmsas.exe [1844.1852] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ehmsas.exe [1844:1804] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ehmsas.exe [1844.1804] ZwAlpcConnectPort
SSDT 88B892D0 ehmsas.exe [1844.1804] ZwCreateThread
SSDT 86557146 ehmsas.exe [1844.1804] ZwDeleteValueKey
SSDT 86556DDE ehmsas.exe [1844.1804] ZwEnumerateKey
SSDT 86556EF7 ehmsas.exe [1844.1804] ZwEnumerateValueKey
SSDT 88A73C78 ehmsas.exe [1844.1804] ZwLoadDriver
SSDT 86556D14 ehmsas.exe [1844.1804] ZwOpenKey
SSDT 86556A4E ehmsas.exe [1844.1804] ZwOpenProcess
SSDT 86556AD6 ehmsas.exe [1844.1804] ZwOpenThread
SSDT 8655738B ehmsas.exe [1844.1804] ZwProtectVirtualMemory
SSDT 86557562 ehmsas.exe [1844.1804] ZwQueryDirectoryFile
SSDT 865568FB ehmsas.exe [1844.1804] ZwQuerySystemInformation
SSDT 8655729F ehmsas.exe [1844.1804] ZwReadVirtualMemory
SSDT 88B21980 ehmsas.exe [1844.1804] ZwResumeThread
SSDT 86556CA1 ehmsas.exe [1844.1804] ZwSetContextThread
SSDT 86557034 ehmsas.exe [1844.1804] ZwSetValueKey
SSDT 86554C9F ehmsas.exe [1844.1804] ZwShutdownSystem
SSDT 86556C2E ehmsas.exe [1844.1804] ZwSuspendThread
SSDT 86556BBB ehmsas.exe [1844.1804] ZwTerminateThread
SSDT 86557315 ehmsas.exe [1844.1804] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ehmsas.exe [1844:4832] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ehmsas.exe [1844.4832] ZwAlpcConnectPort
SSDT 88B892D0 ehmsas.exe [1844.4832] ZwCreateThread
SSDT 86557146 ehmsas.exe [1844.4832] ZwDeleteValueKey
SSDT 86556DDE ehmsas.exe [1844.4832] ZwEnumerateKey
SSDT 86556EF7 ehmsas.exe [1844.4832] ZwEnumerateValueKey
SSDT 88A73C78 ehmsas.exe [1844.4832] ZwLoadDriver
SSDT 86556D14 ehmsas.exe [1844.4832] ZwOpenKey
SSDT 86556A4E ehmsas.exe [1844.4832] ZwOpenProcess
SSDT 86556AD6 ehmsas.exe [1844.4832] ZwOpenThread
SSDT 8655738B ehmsas.exe [1844.4832] ZwProtectVirtualMemory
SSDT 86557562 ehmsas.exe [1844.4832] ZwQueryDirectoryFile
SSDT 865568FB ehmsas.exe [1844.4832] ZwQuerySystemInformation
SSDT 8655729F ehmsas.exe [1844.4832] ZwReadVirtualMemory
SSDT 88B21980 ehmsas.exe [1844.4832] ZwResumeThread
SSDT 86556CA1 ehmsas.exe [1844.4832] ZwSetContextThread
SSDT 86557034 ehmsas.exe [1844.4832] ZwSetValueKey
SSDT 86554C9F ehmsas.exe [1844.4832] ZwShutdownSystem
SSDT 86556C2E ehmsas.exe [1844.4832] ZwSuspendThread
SSDT 86556BBB ehmsas.exe [1844.4832] ZwTerminateThread
SSDT 86557315 ehmsas.exe [1844.4832] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:2040] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.2040] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.2040] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.2040] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.2040] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.2040] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.2040] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.2040] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.2040] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.2040] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.2040] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.2040] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.2040] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.2040] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.2040] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.2040] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.2040] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.2040] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.2040] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.2040] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.2040] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:2044] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.2044] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.2044] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.2044] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.2044] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.2044] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.2044] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.2044] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.2044] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.2044] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.2044] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.2044] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.2044] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.2044] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.2044] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.2044] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.2044] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.2044] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.2044] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.2044] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.2044] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:124] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.124] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.124] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.124] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.124] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.124] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.124] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.124] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.124] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.124] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.124] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.124] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.124] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.124] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.124] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.124] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.124] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.124] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.124] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.124] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.124] ZwWriteVirtualMemory
SSDT 88A73ED8 spoolsv.exe [2036.240] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.240] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.240] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.240] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.240] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.240] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.240] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.240] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.240] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.240] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.240] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.240] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.240] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.240] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.240] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.240] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.240] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.240] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.240] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.240] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3268] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3268] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3268] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3268] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3268] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3268] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3268] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3268] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3268] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3268] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3268] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3268] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3268] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3268] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3268] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3268] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3268] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3268] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3268] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3268] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3268] ZwWriteVirtualMemory





#9 jnh2opolo5

Posted 25 October 2010 - 06:06 PM

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3272] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3272] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3272] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3272] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3272] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3272] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3272] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3272] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3272] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3272] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3272] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3272] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3272] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3272] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3272] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3272] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3272] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3272] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3272] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3272] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3272] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3276] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3276] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3276] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3276] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3276] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3276] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3276] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3276] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3276] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3276] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3276] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3276] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3276] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3276] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3276] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3276] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3276] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3276] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3276] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3276] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3276] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3280] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3280] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3280] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3280] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3280] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3280] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3280] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3280] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3280] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3280] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3280] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3280] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3280] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3280] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3280] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3280] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3280] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3280] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3280] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3280] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3280] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3284] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3284] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3284] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3284] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3284] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3284] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3284] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3284] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3284] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3284] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3284] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3284] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3284] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3284] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3284] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3284] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3284] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3284] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3284] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3284] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3284] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3288] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3288] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3288] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3288] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3288] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3288] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3288] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3288] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3288] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3288] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3288] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3288] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3288] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3288] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3288] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3288] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3288] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3288] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3288] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3288] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3288] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3296] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3296] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3296] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3296] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3296] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3296] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3296] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3296] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3296] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3296] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3296] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3296] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3296] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3296] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3296] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3296] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3296] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3296] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3296] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3296] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3296] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3300] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3300] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3300] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3300] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3300] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3300] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3300] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3300] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3300] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3300] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3300] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3300] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3300] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3300] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3300] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3300] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3300] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3300] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3300] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3300] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3300] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3304] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3304] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3304] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3304] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3304] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3304] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3304] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3304] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3304] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3304] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3304] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3304] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3304] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3304] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3304] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3304] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3304] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3304] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3304] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3304] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3304] ZwWriteVirtualMemory
SSDT 88A73ED8 spoolsv.exe [2036.3308] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3308] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3308] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3308] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3308] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3308] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3308] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3308] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3308] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3308] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3308] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3308] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3308] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3308] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3308] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3308] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3308] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3308] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3308] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3308] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:3316] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.3316] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.3316] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.3316] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.3316] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.3316] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.3316] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.3316] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.3316] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.3316] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.3316] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.3316] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.3316] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.3316] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.3316] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.3316] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.3316] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.3316] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.3316] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.3316] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.3316] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread spoolsv.exe [2036:4296] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 spoolsv.exe [2036.4296] ZwAlpcConnectPort
SSDT 88B892D0 spoolsv.exe [2036.4296] ZwCreateThread
SSDT 86557146 spoolsv.exe [2036.4296] ZwDeleteValueKey
SSDT 86556DDE spoolsv.exe [2036.4296] ZwEnumerateKey
SSDT 86556EF7 spoolsv.exe [2036.4296] ZwEnumerateValueKey
SSDT 88A73C78 spoolsv.exe [2036.4296] ZwLoadDriver
SSDT 86556D14 spoolsv.exe [2036.4296] ZwOpenKey
SSDT 86556A4E spoolsv.exe [2036.4296] ZwOpenProcess
SSDT 86556AD6 spoolsv.exe [2036.4296] ZwOpenThread
SSDT 8655738B spoolsv.exe [2036.4296] ZwProtectVirtualMemory
SSDT 86557562 spoolsv.exe [2036.4296] ZwQueryDirectoryFile
SSDT 865568FB spoolsv.exe [2036.4296] ZwQuerySystemInformation
SSDT 8655729F spoolsv.exe [2036.4296] ZwReadVirtualMemory
SSDT 88B21980 spoolsv.exe [2036.4296] ZwResumeThread
SSDT 86556CA1 spoolsv.exe [2036.4296] ZwSetContextThread
SSDT 86557034 spoolsv.exe [2036.4296] ZwSetValueKey
SSDT 86554C9F spoolsv.exe [2036.4296] ZwShutdownSystem
SSDT 86556C2E spoolsv.exe [2036.4296] ZwSuspendThread
SSDT 86556BBB spoolsv.exe [2036.4296] ZwTerminateThread
SSDT 86557315 spoolsv.exe [2036.4296] ZwWriteVirtualMemory
SSDT 88A73ED8 SeaPort.exe [2080.2084] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2084] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2084] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2084] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2084] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2084] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2084] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2084] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2084] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2084] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2084] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2084] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2084] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2084] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2084] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2084] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2084] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2084] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2084] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2084] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:2092] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.2092] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2092] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2092] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2092] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2092] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2092] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2092] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2092] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2092] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2092] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2092] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2092] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2092] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2092] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2092] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2092] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2092] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2092] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2092] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2092] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:2096] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.2096] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2096] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2096] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2096] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2096] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2096] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2096] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2096] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2096] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2096] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2096] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2096] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2096] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2096] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2096] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2096] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2096] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2096] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2096] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2096] ZwWriteVirtualMemory
SSDT 88A73ED8 SeaPort.exe [2080.2100] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2100] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2100] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2100] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2100] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2100] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2100] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2100] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2100] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2100] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2100] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2100] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2100] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2100] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2100] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2100] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2100] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2100] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2100] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2100] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:2104] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.2104] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2104] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2104] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2104] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2104] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2104] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2104] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2104] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2104] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2104] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2104] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2104] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2104] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2104] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2104] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2104] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2104] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2104] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2104] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2104] ZwWriteVirtualMemory
SSDT 88A73ED8 SeaPort.exe [2080.2728] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2728] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2728] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2728] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2728] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2728] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2728] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2728] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2728] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2728] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2728] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2728] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2728] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2728] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2728] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2728] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2728] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2728] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2728] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2728] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:2732] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.2732] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2732] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2732] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2732] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2732] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2732] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2732] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2732] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2732] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2732] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2732] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2732] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2732] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2732] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2732] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2732] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2732] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2732] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2732] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2732] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:2852] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.2852] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.2852] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.2852] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.2852] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.2852] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.2852] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.2852] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.2852] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.2852] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.2852] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.2852] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.2852] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.2852] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.2852] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.2852] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.2852] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.2852] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.2852] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.2852] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.2852] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SeaPort.exe [2080:5188] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SeaPort.exe [2080.5188] ZwAlpcConnectPort
SSDT 88B892D0 SeaPort.exe [2080.5188] ZwCreateThread
SSDT 86557146 SeaPort.exe [2080.5188] ZwDeleteValueKey
SSDT 86556DDE SeaPort.exe [2080.5188] ZwEnumerateKey
SSDT 86556EF7 SeaPort.exe [2080.5188] ZwEnumerateValueKey
SSDT 88A73C78 SeaPort.exe [2080.5188] ZwLoadDriver
SSDT 86556D14 SeaPort.exe [2080.5188] ZwOpenKey
SSDT 86556A4E SeaPort.exe [2080.5188] ZwOpenProcess
SSDT 86556AD6 SeaPort.exe [2080.5188] ZwOpenThread
SSDT 8655738B SeaPort.exe [2080.5188] ZwProtectVirtualMemory
SSDT 86557562 SeaPort.exe [2080.5188] ZwQueryDirectoryFile
SSDT 865568FB SeaPort.exe [2080.5188] ZwQuerySystemInformation
SSDT 8655729F SeaPort.exe [2080.5188] ZwReadVirtualMemory
SSDT 88B21980 SeaPort.exe [2080.5188] ZwResumeThread
SSDT 86556CA1 SeaPort.exe [2080.5188] ZwSetContextThread
SSDT 86557034 SeaPort.exe [2080.5188] ZwSetValueKey
SSDT 86554C9F SeaPort.exe [2080.5188] ZwShutdownSystem
SSDT 86556C2E SeaPort.exe [2080.5188] ZwSuspendThread
SSDT 86556BBB SeaPort.exe [2080.5188] ZwTerminateThread
SSDT 86557315 SeaPort.exe [2080.5188] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ApMsgFwd.exe [2112:2564] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 ApMsgFwd.exe [2112.2564] ZwAlpcConnectPort
SSDT 88B892D0 ApMsgFwd.exe [2112.2564] ZwCreateThread
SSDT 86557146 ApMsgFwd.exe [2112.2564] ZwDeleteValueKey
SSDT 86556DDE ApMsgFwd.exe [2112.2564] ZwEnumerateKey
SSDT 86556EF7 ApMsgFwd.exe [2112.2564] ZwEnumerateValueKey
SSDT 88A73C78 ApMsgFwd.exe [2112.2564] ZwLoadDriver
SSDT 86556D14 ApMsgFwd.exe [2112.2564] ZwOpenKey
SSDT 86556A4E ApMsgFwd.exe [2112.2564] ZwOpenProcess
SSDT 86556AD6 ApMsgFwd.exe [2112.2564] ZwOpenThread
SSDT 8655738B ApMsgFwd.exe [2112.2564] ZwProtectVirtualMemory
SSDT 86557562 ApMsgFwd.exe [2112.2564] ZwQueryDirectoryFile
SSDT 865568FB ApMsgFwd.exe [2112.2564] ZwQuerySystemInformation
SSDT 8655729F ApMsgFwd.exe [2112.2564] ZwReadVirtualMemory
SSDT 88B21980 ApMsgFwd.exe [2112.2564] ZwResumeThread
SSDT 86556CA1 ApMsgFwd.exe [2112.2564] ZwSetContextThread
SSDT 86557034 ApMsgFwd.exe [2112.2564] ZwSetValueKey
SSDT 86554C9F ApMsgFwd.exe [2112.2564] ZwShutdownSystem
SSDT 86556C2E ApMsgFwd.exe [2112.2564] ZwSuspendThread
SSDT 86556BBB ApMsgFwd.exe [2112.2564] ZwTerminateThread
SSDT 86557315 ApMsgFwd.exe [2112.2564] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ApMsgFwd.exe [2112:1868] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 ApMsgFwd.exe [2112.1868] ZwAlpcConnectPort
SSDT 88B892D0 ApMsgFwd.exe [2112.1868] ZwCreateThread
SSDT 86557146 ApMsgFwd.exe [2112.1868] ZwDeleteValueKey
SSDT 86556DDE ApMsgFwd.exe [2112.1868] ZwEnumerateKey
SSDT 86556EF7 ApMsgFwd.exe [2112.1868] ZwEnumerateValueKey
SSDT 88A73C78 ApMsgFwd.exe [2112.1868] ZwLoadDriver
SSDT 86556D14 ApMsgFwd.exe [2112.1868] ZwOpenKey
SSDT 86556A4E ApMsgFwd.exe [2112.1868] ZwOpenProcess
SSDT 86556AD6 ApMsgFwd.exe [2112.1868] ZwOpenThread
SSDT 8655738B ApMsgFwd.exe [2112.1868] ZwProtectVirtualMemory
SSDT 86557562 ApMsgFwd.exe [2112.1868] ZwQueryDirectoryFile
SSDT 865568FB ApMsgFwd.exe [2112.1868] ZwQuerySystemInformation
SSDT 8655729F ApMsgFwd.exe [2112.1868] ZwReadVirtualMemory
SSDT 88B21980 ApMsgFwd.exe [2112.1868] ZwResumeThread
SSDT 86556CA1 ApMsgFwd.exe [2112.1868] ZwSetContextThread
SSDT 86557034 ApMsgFwd.exe [2112.1868] ZwSetValueKey
SSDT 86554C9F ApMsgFwd.exe [2112.1868] ZwShutdownSystem
SSDT 86556C2E ApMsgFwd.exe [2112.1868] ZwSuspendThread
SSDT 86556BBB ApMsgFwd.exe [2112.1868] ZwTerminateThread
SSDT 86557315 ApMsgFwd.exe [2112.1868] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [2120:2124] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [2120.2124] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [2120.2124] ZwCreateThread
SSDT 86557146 svchost.exe [2120.2124] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [2120.2124] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [2120.2124] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [2120.2124] ZwLoadDriver
SSDT 86556D14 svchost.exe [2120.2124] ZwOpenKey
SSDT 86556A4E svchost.exe [2120.2124] ZwOpenProcess
SSDT 86556AD6 svchost.exe [2120.2124] ZwOpenThread
SSDT 8655738B svchost.exe [2120.2124] ZwProtectVirtualMemory
SSDT 86557562 svchost.exe [2120.2124] ZwQueryDirectoryFile
SSDT 865568FB svchost.exe [2120.2124] ZwQuerySystemInformation
SSDT 8655729F svchost.exe [2120.2124] ZwReadVirtualMemory
SSDT 88B21980 svchost.exe [2120.2124] ZwResumeThread
SSDT 86556CA1 svchost.exe [2120.2124] ZwSetContextThread
SSDT 86557034 svchost.exe [2120.2124] ZwSetValueKey
SSDT 86554C9F svchost.exe [2120.2124] ZwShutdownSystem
SSDT 86556C2E svchost.exe [2120.2124] ZwSuspendThread
SSDT 86556BBB svchost.exe [2120.2124] ZwTerminateThread
SSDT 86557315 svchost.exe [2120.2124] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [2120:2128] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 svchost.exe [2120.2128] ZwAlpcConnectPort
SSDT 88B892D0 svchost.exe [2120.2128] ZwCreateThread
SSDT 86557146 svchost.exe [2120.2128] ZwDeleteValueKey
SSDT 86556DDE svchost.exe [2120.2128] ZwEnumerateKey
SSDT 86556EF7 svchost.exe [2120.2128] ZwEnumerateValueKey
SSDT 88A73C78 svchost.exe [2120.2128] ZwLoadDriver
SSDT 86556D14 svchost.exe [2120.2128] ZwOpenKey
SSDT 86556A4E svchost.exe [2120.2128] ZwOpenProcess
SSDT 86556AD6 svchost.exe [2120.2128] ZwOpenThread
SSDT 8655738B svchost.exe [2120.2128] ZwProtectVirtualMemory
SSDT 88A73C78 SearchIndexer.exe [2296.2840] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.2840] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.2840] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.2840] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.2840] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.2840] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.2840] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.2840] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.2840] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.2840] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.2840] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.2840] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.2840] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.2840] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.2840] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SearchIndexer.exe [2296:2844] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SearchIndexer.exe [2296.2844] ZwAlpcConnectPort
SSDT 88B892D0 SearchIndexer.exe [2296.2844] ZwCreateThread
SSDT 86557146 SearchIndexer.exe [2296.2844] ZwDeleteValueKey
SSDT 86556DDE SearchIndexer.exe [2296.2844] ZwEnumerateKey
SSDT 86556EF7 SearchIndexer.exe [2296.2844] ZwEnumerateValueKey
SSDT 88A73C78 SearchIndexer.exe [2296.2844] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.2844] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.2844] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.2844] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.2844] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.2844] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.2844] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.2844] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.2844] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.2844] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.2844] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.2844] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.2844] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.2844] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.2844] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SearchIndexer.exe [2296:2876] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SearchIndexer.exe [2296.2876] ZwAlpcConnectPort
SSDT 88B892D0 SearchIndexer.exe [2296.2876] ZwCreateThread
SSDT 86557146 SearchIndexer.exe [2296.2876] ZwDeleteValueKey
SSDT 86556DDE SearchIndexer.exe [2296.2876] ZwEnumerateKey
SSDT 86556EF7 SearchIndexer.exe [2296.2876] ZwEnumerateValueKey
SSDT 88A73C78 SearchIndexer.exe [2296.2876] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.2876] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.2876] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.2876] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.2876] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.2876] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.2876] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.2876] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.2876] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.2876] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.2876] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.2876] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.2876] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.2876] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.2876] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SearchIndexer.exe [2296:5344] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 SearchIndexer.exe [2296.5344] ZwAlpcConnectPort
SSDT 88B892D0 SearchIndexer.exe [2296.5344] ZwCreateThread
SSDT 86557146 SearchIndexer.exe [2296.5344] ZwDeleteValueKey
SSDT 86556DDE SearchIndexer.exe [2296.5344] ZwEnumerateKey
SSDT 86556EF7 SearchIndexer.exe [2296.5344] ZwEnumerateValueKey
SSDT 88A73C78 SearchIndexer.exe [2296.5344] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.5344] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.5344] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.5344] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.5344] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.5344] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.5344] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.5344] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.5344] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.5344] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.5344] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.5344] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.5344] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.5344] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.5344] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SearchIndexer.exe [2296:5396] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SearchIndexer.exe [2296.5396] ZwAlpcConnectPort
SSDT 88B892D0 SearchIndexer.exe [2296.5396] ZwCreateThread
SSDT 86557146 SearchIndexer.exe [2296.5396] ZwDeleteValueKey
SSDT 86556DDE SearchIndexer.exe [2296.5396] ZwEnumerateKey
SSDT 86556EF7 SearchIndexer.exe [2296.5396] ZwEnumerateValueKey
SSDT 88A73C78 SearchIndexer.exe [2296.5396] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.5396] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.5396] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.5396] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.5396] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.5396] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.5396] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.5396] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.5396] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.5396] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.5396] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.5396] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.5396] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.5396] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.5396] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread SearchIndexer.exe [2296:3620] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 SearchIndexer.exe [2296.3620] ZwAlpcConnectPort
SSDT 88B892D0 SearchIndexer.exe [2296.3620] ZwCreateThread
SSDT 86557146 SearchIndexer.exe [2296.3620] ZwDeleteValueKey
SSDT 86556DDE SearchIndexer.exe [2296.3620] ZwEnumerateKey
SSDT 86556EF7 SearchIndexer.exe [2296.3620] ZwEnumerateValueKey
SSDT 88A73C78 SearchIndexer.exe [2296.3620] ZwLoadDriver
SSDT 86556D14 SearchIndexer.exe [2296.3620] ZwOpenKey
SSDT 86556A4E SearchIndexer.exe [2296.3620] ZwOpenProcess
SSDT 86556AD6 SearchIndexer.exe [2296.3620] ZwOpenThread
SSDT 8655738B SearchIndexer.exe [2296.3620] ZwProtectVirtualMemory
SSDT 86557562 SearchIndexer.exe [2296.3620] ZwQueryDirectoryFile
SSDT 865568FB SearchIndexer.exe [2296.3620] ZwQuerySystemInformation
SSDT 8655729F SearchIndexer.exe [2296.3620] ZwReadVirtualMemory
SSDT 88B21980 SearchIndexer.exe [2296.3620] ZwResumeThread
SSDT 86556CA1 SearchIndexer.exe [2296.3620] ZwSetContextThread
SSDT 86557034 SearchIndexer.exe [2296.3620] ZwSetValueKey
SSDT 86554C9F SearchIndexer.exe [2296.3620] ZwShutdownSystem
SSDT 86556C2E SearchIndexer.exe [2296.3620] ZwSuspendThread
SSDT 86556BBB SearchIndexer.exe [2296.3620] ZwTerminateThread
SSDT 86557315 SearchIndexer.exe [2296.3620] ZwWriteVirtualMemory





#10 jnh2opolo5

Posted 25 October 2010 - 06:08 PM

---- Threads - GMER 1.0.15 ----

SSDT 88A73C78 iexplore.exe [2720.4828] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.4828] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.4828] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.4828] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.4828] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.4828] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.4828] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.4828] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.4828] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.4828] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.4828] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.4828] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.4828] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.4828] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.4828] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:6352] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.6352] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.6352] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.6352] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.6352] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.6352] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.6352] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.6352] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.6352] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.6352] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.6352] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.6352] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.6352] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.6352] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.6352] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.6352] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.6352] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.6352] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.6352] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.6352] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.6352] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:6568] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.6568] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.6568] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.6568] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.6568] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.6568] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.6568] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.6568] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.6568] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.6568] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.6568] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.6568] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.6568] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.6568] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.6568] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.6568] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.6568] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.6568] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.6568] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.6568] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.6568] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:6436] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.6436] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.6436] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.6436] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.6436] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.6436] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.6436] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.6436] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.6436] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.6436] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.6436] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.6436] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.6436] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.6436] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.6436] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.6436] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.6436] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.6436] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.6436] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.6436] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.6436] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:9052] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.9052] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.9052] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.9052] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.9052] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.9052] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.9052] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.9052] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.9052] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.9052] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.9052] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.9052] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.9052] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.9052] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.9052] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.9052] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.9052] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.9052] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.9052] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.9052] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.9052] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:9788] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.9788] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.9788] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.9788] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.9788] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.9788] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.9788] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.9788] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.9788] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.9788] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.9788] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.9788] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.9788] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.9788] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.9788] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.9788] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.9788] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.9788] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.9788] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.9788] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.9788] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iexplore.exe [2720:9320] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 iexplore.exe [2720.9320] ZwAlpcConnectPort
SSDT 88B892D0 iexplore.exe [2720.9320] ZwCreateThread
SSDT 86557146 iexplore.exe [2720.9320] ZwDeleteValueKey
SSDT 86556DDE iexplore.exe [2720.9320] ZwEnumerateKey
SSDT 86556EF7 iexplore.exe [2720.9320] ZwEnumerateValueKey
SSDT 88A73C78 iexplore.exe [2720.9320] ZwLoadDriver
SSDT 86556D14 iexplore.exe [2720.9320] ZwOpenKey
SSDT 86556A4E iexplore.exe [2720.9320] ZwOpenProcess
SSDT 86556AD6 iexplore.exe [2720.9320] ZwOpenThread
SSDT 8655738B iexplore.exe [2720.9320] ZwProtectVirtualMemory
SSDT 86557562 iexplore.exe [2720.9320] ZwQueryDirectoryFile
SSDT 865568FB iexplore.exe [2720.9320] ZwQuerySystemInformation
SSDT 8655729F iexplore.exe [2720.9320] ZwReadVirtualMemory
SSDT 88B21980 iexplore.exe [2720.9320] ZwResumeThread
SSDT 86556CA1 iexplore.exe [2720.9320] ZwSetContextThread
SSDT 86557034 iexplore.exe [2720.9320] ZwSetValueKey
SSDT 86554C9F iexplore.exe [2720.9320] ZwShutdownSystem
SSDT 86556C2E iexplore.exe [2720.9320] ZwSuspendThread
SSDT 86556BBB iexplore.exe [2720.9320] ZwTerminateThread
SSDT 86557315 iexplore.exe [2720.9320] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread WLIDSVCM.EXE [2760:2764] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 WLIDSVCM.EXE [2760.2764] ZwAlpcConnectPort
SSDT 88B892D0 WLIDSVCM.EXE [2760.2764] ZwCreateThread
SSDT 86557146 WLIDSVCM.EXE [2760.2764] ZwDeleteValueKey
SSDT 86556DDE WLIDSVCM.EXE [2760.2764] ZwEnumerateKey
SSDT 86556EF7 WLIDSVCM.EXE [2760.2764] ZwEnumerateValueKey
SSDT 88A73C78 WLIDSVCM.EXE [2760.2764] ZwLoadDriver
SSDT 86556D14 WLIDSVCM.EXE [2760.2764] ZwOpenKey
SSDT 86556A4E WLIDSVCM.EXE [2760.2764] ZwOpenProcess
SSDT 86556AD6 WLIDSVCM.EXE [2760.2764] ZwOpenThread
SSDT 8655738B WLIDSVCM.EXE [2760.2764] ZwProtectVirtualMemory
SSDT 86557562 WLIDSVCM.EXE [2760.2764] ZwQueryDirectoryFile
SSDT 865568FB WLIDSVCM.EXE [2760.2764] ZwQuerySystemInformation
SSDT 8655729F WLIDSVCM.EXE [2760.2764] ZwReadVirtualMemory
SSDT 88B21980 WLIDSVCM.EXE [2760.2764] ZwResumeThread
SSDT 86556CA1 WLIDSVCM.EXE [2760.2764] ZwSetContextThread
SSDT 86557034 WLIDSVCM.EXE [2760.2764] ZwSetValueKey
SSDT 86554C9F WLIDSVCM.EXE [2760.2764] ZwShutdownSystem
SSDT 86556C2E WLIDSVCM.EXE [2760.2764] ZwSuspendThread
SSDT 86556BBB WLIDSVCM.EXE [2760.2764] ZwTerminateThread
SSDT 86557315 WLIDSVCM.EXE [2760.2764] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread WLIDSVCM.EXE [2760:2772] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 WLIDSVCM.EXE [2760.2772] ZwAlpcConnectPort
SSDT 88B892D0 WLIDSVCM.EXE [2760.2772] ZwCreateThread
SSDT 86557146 WLIDSVCM.EXE [2760.2772] ZwDeleteValueKey
SSDT 86556DDE WLIDSVCM.EXE [2760.2772] ZwEnumerateKey
SSDT 86556EF7 WLIDSVCM.EXE [2760.2772] ZwEnumerateValueKey
SSDT 88A73C78 WLIDSVCM.EXE [2760.2772] ZwLoadDriver
SSDT 86556D14 WLIDSVCM.EXE [2760.2772] ZwOpenKey
SSDT 86556A4E WLIDSVCM.EXE [2760.2772] ZwOpenProcess
SSDT 86556AD6 WLIDSVCM.EXE [2760.2772] ZwOpenThread
SSDT 8655738B WLIDSVCM.EXE [2760.2772] ZwProtectVirtualMemory
SSDT 86557562 WLIDSVCM.EXE [2760.2772] ZwQueryDirectoryFile
SSDT 865568FB WLIDSVCM.EXE [2760.2772] ZwQuerySystemInformation
SSDT 8655729F WLIDSVCM.EXE [2760.2772] ZwReadVirtualMemory
SSDT 88B21980 WLIDSVCM.EXE [2760.2772] ZwResumeThread
SSDT 86556CA1 WLIDSVCM.EXE [2760.2772] ZwSetContextThread
SSDT 86557034 WLIDSVCM.EXE [2760.2772] ZwSetValueKey
SSDT 86554C9F WLIDSVCM.EXE [2760.2772] ZwShutdownSystem
SSDT 86556C2E WLIDSVCM.EXE [2760.2772] ZwSuspendThread
SSDT 86556BBB WLIDSVCM.EXE [2760.2772] ZwTerminateThread
SSDT 86557315 WLIDSVCM.EXE [2760.2772] ZwWriteVirtualMemory
SSDT 88A73ED8 taskeng.exe [2788.2792] ZwAlpcConnectPort
SSDT 88B892D0 taskeng.exe [2788.2792] ZwCreateThread
SSDT 86557146 taskeng.exe [2788.2792] ZwDeleteValueKey
SSDT 86556DDE taskeng.exe [2788.2792] ZwEnumerateKey
SSDT 86556EF7 taskeng.exe [2788.2792] ZwEnumerateValueKey
SSDT 88A73C78 taskeng.exe [2788.2792] ZwLoadDriver
SSDT 86556D14 taskeng.exe [2788.2792] ZwOpenKey
SSDT 86556A4E taskeng.exe [2788.2792] ZwOpenProcess
SSDT 86556AD6 taskeng.exe [2788.2792] ZwOpenThread
SSDT 8655738B taskeng.exe [2788.2792] ZwProtectVirtualMemory
SSDT 86557562 taskeng.exe [2788.2792] ZwQueryDirectoryFile
SSDT 865568FB taskeng.exe [2788.2792] ZwQuerySystemInformation
SSDT 8655729F taskeng.exe [2788.2792] ZwReadVirtualMemory
SSDT 88B21980 taskeng.exe [2788.2792] ZwResumeThread
SSDT 86556CA1 taskeng.exe [2788.2792] ZwSetContextThread
SSDT 86557034 taskeng.exe [2788.2792] ZwSetValueKey
SSDT 86554C9F taskeng.exe [2788.2792] ZwShutdownSystem
SSDT 86556C2E taskeng.exe [2788.2792] ZwSuspendThread
SSDT 86556BBB taskeng.exe [2788.2792] ZwTerminateThread
SSDT 86557315 taskeng.exe [2788.2792] ZwWriteVirtualMemory
SSDT 88A73ED8 taskeng.exe [2788.2800] ZwAlpcConnectPort
SSDT 88B892D0 taskeng.exe [2788.2800] ZwCreateThread
SSDT 86557146 taskeng.exe [2788.2800] ZwDeleteValueKey
SSDT 86556DDE taskeng.exe [2788.2800] ZwEnumerateKey
SSDT 86556EF7 taskeng.exe [2788.2800] ZwEnumerateValueKey
SSDT 88A73C78 taskeng.exe [2788.2800] ZwLoadDriver
SSDT 86556D14 taskeng.exe [2788.2800] ZwOpenKey
SSDT 86556A4E taskeng.exe [2788.2800] ZwOpenProcess
SSDT 86556AD6 taskeng.exe [2788.2800] ZwOpenThread
SSDT 8655738B taskeng.exe [2788.2800] ZwProtectVirtualMemory
SSDT 86557562 taskeng.exe [2788.2800] ZwQueryDirectoryFile
SSDT 865568FB taskeng.exe [2788.2800] ZwQuerySystemInformation
SSDT 8655729F taskeng.exe [2788.2800] ZwReadVirtualMemory
SSDT 88B21980 taskeng.exe [2788.2800] ZwResumeThread
SSDT 86556CA1 taskeng.exe [2788.2800] ZwSetContextThread
SSDT 86557034 taskeng.exe [2788.2800] ZwSetValueKey
SSDT 86554C9F taskeng.exe [2788.2800] ZwShutdownSystem
SSDT 86556C2E taskeng.exe [2788.2800] ZwSuspendThread
SSDT 86556BBB taskeng.exe [2788.2800] ZwTerminateThread
SSDT 86557315 taskeng.exe [2788.2800] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread taskeng.exe [2788:2804] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 taskeng.exe [2788.2804] ZwAlpcConnectPort
SSDT 88B892D0 taskeng.exe [2788.2804] ZwCreateThread
SSDT 86557146 taskeng.exe [2788.2804] ZwDeleteValueKey
SSDT 86556DDE taskeng.exe [2788.2804] ZwEnumerateKey
SSDT 86556EF7 taskeng.exe [2788.2804] ZwEnumerateValueKey
SSDT 88A73C78 taskeng.exe [2788.2804] ZwLoadDriver
SSDT 86556D14 taskeng.exe [2788.2804] ZwOpenKey
SSDT 86556A4E taskeng.exe [2788.2804] ZwOpenProcess
SSDT 86556AD6 taskeng.exe [2788.2804] ZwOpenThread
SSDT 8655738B taskeng.exe [2788.2804] ZwProtectVirtualMemory
SSDT 86557562 taskeng.exe [2788.2804] ZwQueryDirectoryFile
SSDT 865568FB taskeng.exe [2788.2804] ZwQuerySystemInformation
SSDT 8655729F taskeng.exe [2788.2804] ZwReadVirtualMemory
SSDT 88B21980 taskeng.exe [2788.2804] ZwResumeThread
SSDT 86556CA1 taskeng.exe [2788.2804] ZwSetContextThread
SSDT 86557034 taskeng.exe [2788.2804] ZwSetValueKey
SSDT 86554C9F taskeng.exe [2788.2804] ZwShutdownSystem
SSDT 86556C2E taskeng.exe [2788.2804] ZwSuspendThread
SSDT 86556BBB taskeng.exe [2788.2804] ZwTerminateThread
SSDT 86557315 taskeng.exe [2788.2804] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread taskeng.exe [2788:2808] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 taskeng.exe [2788.2808] ZwAlpcConnectPort
SSDT 88B892D0 taskeng.exe [2788.2808] ZwCreateThread
SSDT 86557146 taskeng.exe [2788.2808] ZwDeleteValueKey
SSDT 86556DDE taskeng.exe [2788.2808] ZwEnumerateKey
SSDT 86556EF7 taskeng.exe [2788.2808] ZwEnumerateValueKey
SSDT 88A73C78 taskeng.exe [2788.2808] ZwLoadDriver
SSDT 86556D14 taskeng.exe [2788.2808] ZwOpenKey
SSDT 86556A4E taskeng.exe [2788.2808] ZwOpenProcess
SSDT 86556AD6 taskeng.exe [2788.2808] ZwOpenThread
SSDT 8655738B taskeng.exe [2788.2808] ZwProtectVirtualMemory
SSDT 86557562 taskeng.exe [2788.2808] ZwQueryDirectoryFile
SSDT 865568FB taskeng.exe [2788.2808] ZwQuerySystemInformation
SSDT 8655729F taskeng.exe [2788.2808] ZwReadVirtualMemory
SSDT 88B21980 taskeng.exe [2788.2808] ZwResumeThread
SSDT 86556CA1 taskeng.exe [2788.2808] ZwSetContextThread
SSDT 86557034 taskeng.exe [2788.2808] ZwSetValueKey
SSDT 86554C9F taskeng.exe [2788.2808] ZwShutdownSystem
SSDT 86556C2E taskeng.exe [2788.2808] ZwSuspendThread
SSDT 86556BBB taskeng.exe [2788.2808] ZwTerminateThread
SSDT 86557315 taskeng.exe [2788.2808] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread taskeng.exe [2788:2820] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 taskeng.exe [2788.2820] ZwAlpcConnectPort
SSDT 88B892D0 taskeng.exe [2788.2820] ZwCreateThread
SSDT 86557146 taskeng.exe [2788.2820] ZwDeleteValueKey
SSDT 86556DDE taskeng.exe [2788.2820] ZwEnumerateKey
SSDT 86556EF7 taskeng.exe [2788.2820] ZwEnumerateValueKey
SSDT 88A73C78 taskeng.exe [2788.2820] ZwLoadDriver
SSDT 86556D14 taskeng.exe [2788.2820] ZwOpenKey
SSDT 86556A4E taskeng.exe [2788.2820] ZwOpenProcess
SSDT 86556AD6 taskeng.exe [2788.2820] ZwOpenThread
SSDT 8655738B taskeng.exe [2788.2820] ZwProtectVirtualMemory
SSDT 86557562 taskeng.exe [2788.2820] ZwQueryDirectoryFile
SSDT 865568FB taskeng.exe [2788.2820] ZwQuerySystemInformation
SSDT 8655729F taskeng.exe [2788.2820] ZwReadVirtualMemory
SSDT 88B21980 taskeng.exe [2788.2820] ZwResumeThread
SSDT 86556CA1 taskeng.exe [2788.2820] ZwSetContextThread
SSDT 86557034 taskeng.exe [2788.2820] ZwSetValueKey
SSDT 86554C9F taskeng.exe [2788.2820] ZwShutdownSystem
SSDT 86556C2E taskeng.exe [2788.2820] ZwSuspendThread
SSDT 86556BBB taskeng.exe [2788.2820] ZwTerminateThread
SSDT 86557315 taskeng.exe [2788.2820] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3144] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3144] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3144] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3144] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3144] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3144] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3144] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3144] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3144] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3144] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3144] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3144] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3144] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3144] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3144] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3144] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3144] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3144] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3144] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3144] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3144] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3156] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3156] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3156] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3156] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3156] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3156] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3156] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3156] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3156] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3156] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3156] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3156] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3156] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3156] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3156] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3156] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3156] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3156] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3156] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3156] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3156] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3160] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3160] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3160] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3160] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3160] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3160] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3160] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3160] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3160] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3160] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3160] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3160] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3160] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3160] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3160] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3160] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3160] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3160] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3160] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3160] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3160] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3212] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3212] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3212] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3212] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3212] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3212] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3212] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3212] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3212] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3212] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3212] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3212] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3212] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3212] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3212] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3212] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3212] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3212] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3212] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3212] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3212] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3216] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3216] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3216] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3216] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3216] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3216] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3216] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3216] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3216] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3216] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3216] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3216] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3216] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3216] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3216] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3216] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3216] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3216] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3216] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3216] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3216] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3360] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3360] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3360] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3360] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3360] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3360] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3360] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3360] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3360] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3360] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3360] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3360] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3360] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3360] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3360] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3360] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3360] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3360] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3360] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3360] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3360] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread dwm.exe [3140:3376] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 dwm.exe [3140.3376] ZwAlpcConnectPort
SSDT 88B892D0 dwm.exe [3140.3376] ZwCreateThread
SSDT 86557146 dwm.exe [3140.3376] ZwDeleteValueKey
SSDT 86556DDE dwm.exe [3140.3376] ZwEnumerateKey
SSDT 86556EF7 dwm.exe [3140.3376] ZwEnumerateValueKey
SSDT 88A73C78 dwm.exe [3140.3376] ZwLoadDriver
SSDT 86556D14 dwm.exe [3140.3376] ZwOpenKey
SSDT 86556A4E dwm.exe [3140.3376] ZwOpenProcess
SSDT 86556AD6 dwm.exe [3140.3376] ZwOpenThread
SSDT 8655738B dwm.exe [3140.3376] ZwProtectVirtualMemory
SSDT 86557562 dwm.exe [3140.3376] ZwQueryDirectoryFile
SSDT 865568FB dwm.exe [3140.3376] ZwQuerySystemInformation
SSDT 8655729F dwm.exe [3140.3376] ZwReadVirtualMemory
SSDT 88B21980 dwm.exe [3140.3376] ZwResumeThread
SSDT 86556CA1 dwm.exe [3140.3376] ZwSetContextThread
SSDT 86557034 dwm.exe [3140.3376] ZwSetValueKey
SSDT 86554C9F dwm.exe [3140.3376] ZwShutdownSystem
SSDT 86556C2E dwm.exe [3140.3376] ZwSuspendThread
SSDT 86556BBB dwm.exe [3140.3376] ZwTerminateThread
SSDT 86557315 dwm.exe [3140.3376] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ApntEx.exe [3172:2964] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 ApntEx.exe [3172.2964] ZwAlpcConnectPort
SSDT 88B892D0 ApntEx.exe [3172.2964] ZwCreateThread
SSDT 86557146 ApntEx.exe [3172.2964] ZwDeleteValueKey
SSDT 86556DDE ApntEx.exe [3172.2964] ZwEnumerateKey
SSDT 86556EF7 ApntEx.exe [3172.2964] ZwEnumerateValueKey
SSDT 88A73C78 ApntEx.exe [3172.2964] ZwLoadDriver
SSDT 86556D14 ApntEx.exe [3172.2964] ZwOpenKey
SSDT 86556A4E ApntEx.exe [3172.2964] ZwOpenProcess
SSDT 86556AD6 ApntEx.exe [3172.2964] ZwOpenThread
SSDT 8655738B ApntEx.exe [3172.2964] ZwProtectVirtualMemory
SSDT 86557562 ApntEx.exe [3172.2964] ZwQueryDirectoryFile
SSDT 865568FB ApntEx.exe [3172.2964] ZwQuerySystemInformation
SSDT 8655729F ApntEx.exe [3172.2964] ZwReadVirtualMemory
SSDT 88B21980 ApntEx.exe [3172.2964] ZwResumeThread
SSDT 86556CA1 ApntEx.exe [3172.2964] ZwSetContextThread
SSDT 86557034 ApntEx.exe [3172.2964] ZwSetValueKey
SSDT 86554C9F ApntEx.exe [3172.2964] ZwShutdownSystem
SSDT 86556C2E ApntEx.exe [3172.2964] ZwSuspendThread
SSDT 86556BBB ApntEx.exe [3172.2964] ZwTerminateThread
SSDT 86557315 ApntEx.exe [3172.2964] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ApntEx.exe [3172:3364] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ApntEx.exe [3172.3364] ZwAlpcConnectPort
SSDT 88B892D0 ApntEx.exe [3172.3364] ZwCreateThread
SSDT 86557146 ApntEx.exe [3172.3364] ZwDeleteValueKey
SSDT 86556DDE ApntEx.exe [3172.3364] ZwEnumerateKey
SSDT 86556EF7 ApntEx.exe [3172.3364] ZwEnumerateValueKey
SSDT 88A73C78 ApntEx.exe [3172.3364] ZwLoadDriver
SSDT 86556D14 ApntEx.exe [3172.3364] ZwOpenKey
SSDT 86556A4E ApntEx.exe [3172.3364] ZwOpenProcess
SSDT 86556AD6 ApntEx.exe [3172.3364] ZwOpenThread
SSDT 8655738B ApntEx.exe [3172.3364] ZwProtectVirtualMemory
SSDT 86557562 ApntEx.exe [3172.3364] ZwQueryDirectoryFile
SSDT 865568FB ApntEx.exe [3172.3364] ZwQuerySystemInformation
SSDT 8655729F ApntEx.exe [3172.3364] ZwReadVirtualMemory
SSDT 88B21980 ApntEx.exe [3172.3364] ZwResumeThread
SSDT 86556CA1 ApntEx.exe [3172.3364] ZwSetContextThread
SSDT 86557034 ApntEx.exe [3172.3364] ZwSetValueKey
SSDT 86554C9F ApntEx.exe [3172.3364] ZwShutdownSystem
SSDT 86556C2E ApntEx.exe [3172.3364] ZwSuspendThread
SSDT 86556BBB ApntEx.exe [3172.3364] ZwTerminateThread
SSDT 86557315 ApntEx.exe [3172.3364] ZwWriteVirtualMemory





#11 jnh2opolo5


Posted 25 October 2010 - 06:09 PM

---- Threads - GMER 1.0.15 ----

Thread ApntEx.exe [3172:3324] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ApntEx.exe [3172.3324] ZwAlpcConnectPort
SSDT 88B892D0 ApntEx.exe [3172.3324] ZwCreateThread
SSDT 86557146 ApntEx.exe [3172.3324] ZwDeleteValueKey
SSDT 86556DDE ApntEx.exe [3172.3324] ZwEnumerateKey
SSDT 86556EF7 ApntEx.exe [3172.3324] ZwEnumerateValueKey
SSDT 88A73C78 ApntEx.exe [3172.3324] ZwLoadDriver
SSDT 86556D14 ApntEx.exe [3172.3324] ZwOpenKey
SSDT 86556A4E ApntEx.exe [3172.3324] ZwOpenProcess
SSDT 86556AD6 ApntEx.exe [3172.3324] ZwOpenThread
SSDT 8655738B ApntEx.exe [3172.3324] ZwProtectVirtualMemory
SSDT 86557562 ApntEx.exe [3172.3324] ZwQueryDirectoryFile
SSDT 865568FB ApntEx.exe [3172.3324] ZwQuerySystemInformation
SSDT 8655729F ApntEx.exe [3172.3324] ZwReadVirtualMemory
SSDT 88B21980 ApntEx.exe [3172.3324] ZwResumeThread
SSDT 86556CA1 ApntEx.exe [3172.3324] ZwSetContextThread
SSDT 86557034 ApntEx.exe [3172.3324] ZwSetValueKey
SSDT 86554C9F ApntEx.exe [3172.3324] ZwShutdownSystem
SSDT 86556C2E ApntEx.exe [3172.3324] ZwSuspendThread
SSDT 86556BBB ApntEx.exe [3172.3324] ZwTerminateThread
SSDT 86557315 ApntEx.exe [3172.3324] ZwWriteVirtualMemory
SSDT 86556EF7 explorer.exe [3220.3068] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.3068] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.3068] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.3068] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.3068] ZwOpenThread
SSDT 8655738B explorer.exe [3220.3068] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.3068] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.3068] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.3068] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.3068] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.3068] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.3068] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.3068] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.3068] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.3068] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.3068] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:3136] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.3136] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.3136] ZwCreateThread
SSDT 86557146 explorer.exe [3220.3136] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.3136] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.3136] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.3136] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.3136] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.3136] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.3136] ZwOpenThread
SSDT 8655738B explorer.exe [3220.3136] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.3136] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.3136] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.3136] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.3136] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.3136] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.3136] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.3136] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.3136] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.3136] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.3136] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:3400] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.3400] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.3400] ZwCreateThread
SSDT 86557146 explorer.exe [3220.3400] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.3400] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.3400] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.3400] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.3400] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.3400] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.3400] ZwOpenThread
SSDT 8655738B explorer.exe [3220.3400] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.3400] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.3400] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.3400] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.3400] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.3400] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.3400] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.3400] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.3400] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.3400] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.3400] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:3472] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.3472] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.3472] ZwCreateThread
SSDT 86557146 explorer.exe [3220.3472] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.3472] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.3472] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.3472] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.3472] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.3472] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.3472] ZwOpenThread
SSDT 8655738B explorer.exe [3220.3472] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.3472] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.3472] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.3472] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.3472] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.3472] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.3472] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.3472] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.3472] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.3472] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.3472] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:4188] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.4188] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.4188] ZwCreateThread
SSDT 86557146 explorer.exe [3220.4188] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.4188] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.4188] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.4188] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.4188] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.4188] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.4188] ZwOpenThread
SSDT 8655738B explorer.exe [3220.4188] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.4188] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.4188] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.4188] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.4188] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.4188] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.4188] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.4188] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.4188] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.4188] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.4188] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:1408] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.1408] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.1408] ZwCreateThread
SSDT 86557146 explorer.exe [3220.1408] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.1408] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.1408] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.1408] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.1408] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.1408] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.1408] ZwOpenThread
SSDT 8655738B explorer.exe [3220.1408] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.1408] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.1408] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.1408] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.1408] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.1408] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.1408] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.1408] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.1408] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.1408] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.1408] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:5828] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.5828] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.5828] ZwCreateThread
SSDT 86557146 explorer.exe [3220.5828] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.5828] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.5828] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.5828] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.5828] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.5828] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.5828] ZwOpenThread
SSDT 8655738B explorer.exe [3220.5828] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.5828] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.5828] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.5828] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.5828] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.5828] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.5828] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.5828] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.5828] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.5828] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.5828] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread explorer.exe [3220:4736] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 explorer.exe [3220.4736] ZwAlpcConnectPort
SSDT 88B892D0 explorer.exe [3220.4736] ZwCreateThread
SSDT 86557146 explorer.exe [3220.4736] ZwDeleteValueKey
SSDT 86556DDE explorer.exe [3220.4736] ZwEnumerateKey
SSDT 86556EF7 explorer.exe [3220.4736] ZwEnumerateValueKey
SSDT 88A73C78 explorer.exe [3220.4736] ZwLoadDriver
SSDT 86556D14 explorer.exe [3220.4736] ZwOpenKey
SSDT 86556A4E explorer.exe [3220.4736] ZwOpenProcess
SSDT 86556AD6 explorer.exe [3220.4736] ZwOpenThread
SSDT 8655738B explorer.exe [3220.4736] ZwProtectVirtualMemory
SSDT 86557562 explorer.exe [3220.4736] ZwQueryDirectoryFile
SSDT 865568FB explorer.exe [3220.4736] ZwQuerySystemInformation
SSDT 8655729F explorer.exe [3220.4736] ZwReadVirtualMemory
SSDT 88B21980 explorer.exe [3220.4736] ZwResumeThread
SSDT 86556CA1 explorer.exe [3220.4736] ZwSetContextThread
SSDT 86557034 explorer.exe [3220.4736] ZwSetValueKey
SSDT 86554C9F explorer.exe [3220.4736] ZwShutdownSystem
SSDT 86556C2E explorer.exe [3220.4736] ZwSuspendThread
SSDT 86556BBB explorer.exe [3220.4736] ZwTerminateThread
SSDT 86557315 explorer.exe [3220.4736] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:1864] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.1864] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.1864] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.1864] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.1864] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.1864] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.1864] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.1864] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.1864] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.1864] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.1864] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.1864] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.1864] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.1864] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.1864] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.1864] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.1864] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.1864] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.1864] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.1864] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.1864] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:2748] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.2748] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.2748] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.2748] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.2748] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.2748] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.2748] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.2748] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.2748] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.2748] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.2748] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.2748] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.2748] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.2748] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.2748] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.2748] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.2748] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.2748] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.2748] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.2748] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.2748] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:2116] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.2116] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.2116] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.2116] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.2116] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.2116] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.2116] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.2116] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.2116] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.2116] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.2116] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.2116] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.2116] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.2116] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.2116] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.2116] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.2116] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.2116] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.2116] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.2116] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.2116] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:3520] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.3520] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.3520] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.3520] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.3520] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.3520] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.3520] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.3520] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.3520] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.3520] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.3520] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.3520] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.3520] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.3520] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.3520] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.3520] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.3520] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.3520] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.3520] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.3520] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.3520] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:3244] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.3244] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.3244] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.3244] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.3244] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.3244] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.3244] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.3244] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.3244] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.3244] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.3244] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.3244] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.3244] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.3244] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.3244] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.3244] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.3244] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.3244] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.3244] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.3244] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.3244] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:1820] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.1820] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.1820] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.1820] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.1820] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.1820] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.1820] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.1820] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.1820] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.1820] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.1820] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.1820] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.1820] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.1820] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.1820] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.1820] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.1820] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.1820] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.1820] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.1820] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.1820] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:2832] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.2832] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.2832] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.2832] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.2832] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.2832] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.2832] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.2832] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.2832] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.2832] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.2832] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.2832] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.2832] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.2832] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.2832] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.2832] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.2832] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.2832] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.2832] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.2832] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.2832] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:3964] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.3964] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.3964] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.3964] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.3964] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.3964] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.3964] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.3964] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.3964] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.3964] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.3964] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.3964] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.3964] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.3964] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.3964] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.3964] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.3964] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.3964] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.3964] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.3964] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.3964] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:3684] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.3684] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.3684] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.3684] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.3684] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.3684] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.3684] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.3684] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.3684] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.3684] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.3684] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.3684] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.3684] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.3684] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.3684] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.3684] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.3684] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.3684] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.3684] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.3684] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.3684] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:1548] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.1548] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.1548] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.1548] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.1548] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.1548] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.1548] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.1548] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.1548] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.1548] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.1548] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.1548] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.1548] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.1548] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.1548] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.1548] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.1548] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.1548] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.1548] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.1548] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.1548] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread iPodService.exe [3468:5568] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 iPodService.exe [3468.5568] ZwAlpcConnectPort
SSDT 88B892D0 iPodService.exe [3468.5568] ZwCreateThread
SSDT 86557146 iPodService.exe [3468.5568] ZwDeleteValueKey
SSDT 86556DDE iPodService.exe [3468.5568] ZwEnumerateKey
SSDT 86556EF7 iPodService.exe [3468.5568] ZwEnumerateValueKey
SSDT 88A73C78 iPodService.exe [3468.5568] ZwLoadDriver
SSDT 86556D14 iPodService.exe [3468.5568] ZwOpenKey
SSDT 86556A4E iPodService.exe [3468.5568] ZwOpenProcess
SSDT 86556AD6 iPodService.exe [3468.5568] ZwOpenThread
SSDT 8655738B iPodService.exe [3468.5568] ZwProtectVirtualMemory
SSDT 86557562 iPodService.exe [3468.5568] ZwQueryDirectoryFile
SSDT 865568FB iPodService.exe [3468.5568] ZwQuerySystemInformation
SSDT 8655729F iPodService.exe [3468.5568] ZwReadVirtualMemory
SSDT 88B21980 iPodService.exe [3468.5568] ZwResumeThread
SSDT 86556CA1 iPodService.exe [3468.5568] ZwSetContextThread
SSDT 86557034 iPodService.exe [3468.5568] ZwSetValueKey
SSDT 86554C9F iPodService.exe [3468.5568] ZwShutdownSystem
SSDT 86556C2E iPodService.exe [3468.5568] ZwSuspendThread
SSDT 86556BBB iPodService.exe [3468.5568] ZwTerminateThread
SSDT 86557315 iPodService.exe [3468.5568] ZwWriteVirtualMemory
SSDT 88A73ED8 RtHDVCpl.exe [3528.3532] ZwAlpcConnectPort
SSDT 88B892D0 RtHDVCpl.exe [3528.3532] ZwCreateThread
SSDT 86557146 RtHDVCpl.exe [3528.3532] ZwDeleteValueKey
SSDT 86556DDE RtHDVCpl.exe [3528.3532] ZwEnumerateKey
SSDT 86556EF7 RtHDVCpl.exe [3528.3532] ZwEnumerateValueKey
SSDT 88A73C78 RtHDVCpl.exe [3528.3532] ZwLoadDriver
SSDT 86556D14 RtHDVCpl.exe [3528.3532] ZwOpenKey
SSDT 86556A4E RtHDVCpl.exe [3528.3532] ZwOpenProcess
SSDT 86556AD6 RtHDVCpl.exe [3528.3532] ZwOpenThread
SSDT 8655738B RtHDVCpl.exe [3528.3532] ZwProtectVirtualMemory
SSDT 86557562 RtHDVCpl.exe [3528.3532] ZwQueryDirectoryFile
SSDT 865568FB RtHDVCpl.exe [3528.3532] ZwQuerySystemInformation
SSDT 8655729F RtHDVCpl.exe [3528.3532] ZwReadVirtualMemory
SSDT 88B21980 RtHDVCpl.exe [3528.3532] ZwResumeThread
SSDT 86556CA1 RtHDVCpl.exe [3528.3532] ZwSetContextThread
SSDT 86557034 RtHDVCpl.exe [3528.3532] ZwSetValueKey
SSDT 86554C9F RtHDVCpl.exe [3528.3532] ZwShutdownSystem
SSDT 86556C2E RtHDVCpl.exe [3528.3532] ZwSuspendThread
SSDT 86556BBB RtHDVCpl.exe [3528.3532] ZwTerminateThread
SSDT 86557315 RtHDVCpl.exe [3528.3532] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread RtHDVCpl.exe [3528:3704] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 RtHDVCpl.exe [3528.3704] ZwAlpcConnectPort
SSDT 88B892D0 RtHDVCpl.exe [3528.3704] ZwCreateThread
SSDT 86557146 RtHDVCpl.exe [3528.3704] ZwDeleteValueKey
SSDT 86556DDE RtHDVCpl.exe [3528.3704] ZwEnumerateKey
SSDT 86556EF7 RtHDVCpl.exe [3528.3704] ZwEnumerateValueKey
SSDT 88A73C78 RtHDVCpl.exe [3528.3704] ZwLoadDriver
SSDT 86556D14 RtHDVCpl.exe [3528.3704] ZwOpenKey
SSDT 86556A4E RtHDVCpl.exe [3528.3704] ZwOpenProcess
SSDT 86556AD6 RtHDVCpl.exe [3528.3704] ZwOpenThread
SSDT 8655738B RtHDVCpl.exe [3528.3704] ZwProtectVirtualMemory
SSDT 86557562 RtHDVCpl.exe [3528.3704] ZwQueryDirectoryFile
SSDT 865568FB RtHDVCpl.exe [3528.3704] ZwQuerySystemInformation
SSDT 8655729F RtHDVCpl.exe [3528.3704] ZwReadVirtualMemory
SSDT 88B21980 RtHDVCpl.exe [3528.3704] ZwResumeThread
SSDT 86556CA1 RtHDVCpl.exe [3528.3704] ZwSetContextThread
SSDT 86557034 RtHDVCpl.exe [3528.3704] ZwSetValueKey
SSDT 86554C9F RtHDVCpl.exe [3528.3704] ZwShutdownSystem
SSDT 86556C2E RtHDVCpl.exe [3528.3704] ZwSuspendThread
SSDT 86556BBB RtHDVCpl.exe [3528.3704] ZwTerminateThread
SSDT 86557315 RtHDVCpl.exe [3528.3704] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread RtHDVCpl.exe [3528:3732] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 RtHDVCpl.exe [3528.3732] ZwAlpcConnectPort
SSDT 88B892D0 RtHDVCpl.exe [3528.3732] ZwCreateThread
SSDT 86557146 RtHDVCpl.exe [3528.3732] ZwDeleteValueKey
SSDT 86556DDE RtHDVCpl.exe [3528.3732] ZwEnumerateKey
SSDT 86556EF7 RtHDVCpl.exe [3528.3732] ZwEnumerateValueKey
SSDT 88A73C78 RtHDVCpl.exe [3528.3732] ZwLoadDriver
SSDT 86556D14 RtHDVCpl.exe [3528.3732] ZwOpenKey
SSDT 86556A4E RtHDVCpl.exe [3528.3732] ZwOpenProcess
SSDT 86556AD6 RtHDVCpl.exe [3528.3732] ZwOpenThread
SSDT 8655738B RtHDVCpl.exe [3528.3732] ZwProtectVirtualMemory
SSDT 86557562 RtHDVCpl.exe [3528.3732] ZwQueryDirectoryFile
SSDT 865568FB RtHDVCpl.exe [3528.3732] ZwQuerySystemInformation
SSDT 8655729F RtHDVCpl.exe [3528.3732] ZwReadVirtualMemory
SSDT 88B21980 RtHDVCpl.exe [3528.3732] ZwResumeThread
SSDT 86556CA1 RtHDVCpl.exe [3528.3732] ZwSetContextThread
SSDT 86557034 RtHDVCpl.exe [3528.3732] ZwSetValueKey
SSDT 86554C9F RtHDVCpl.exe [3528.3732] ZwShutdownSystem
SSDT 86556C2E RtHDVCpl.exe [3528.3732] ZwSuspendThread
SSDT 86556BBB RtHDVCpl.exe [3528.3732] ZwTerminateThread
SSDT 86557315 RtHDVCpl.exe [3528.3732] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread RtHDVCpl.exe [3528:3736] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 RtHDVCpl.exe [3528.3736] ZwAlpcConnectPort
SSDT 88B892D0 RtHDVCpl.exe [3528.3736] ZwCreateThread
SSDT 86557146 RtHDVCpl.exe [3528.3736] ZwDeleteValueKey
SSDT 86556DDE RtHDVCpl.exe [3528.3736] ZwEnumerateKey
SSDT 86556EF7 RtHDVCpl.exe [3528.3736] ZwEnumerateValueKey
SSDT 88A73C78 RtHDVCpl.exe [3528.3736] ZwLoadDriver
SSDT 86556D14 RtHDVCpl.exe [3528.3736] ZwOpenKey
SSDT 86556A4E RtHDVCpl.exe [3528.3736] ZwOpenProcess
SSDT 86556AD6 RtHDVCpl.exe [3528.3736] ZwOpenThread
SSDT 8655738B RtHDVCpl.exe [3528.3736] ZwProtectVirtualMemory
SSDT 86557562 RtHDVCpl.exe [3528.3736] ZwQueryDirectoryFile
SSDT 865568FB RtHDVCpl.exe [3528.3736] ZwQuerySystemInformation
SSDT 8655729F RtHDVCpl.exe [3528.3736] ZwReadVirtualMemory

#12 jnh2opolo5

Posted 25 October 2010 - 06:11 PM

---- Threads - GMER 1.0.15 ----

SSDT 86556DDE BtnHnd.exe [3676.3680] ZwEnumerateKey
SSDT 86556EF7 BtnHnd.exe [3676.3680] ZwEnumerateValueKey
SSDT 88A73C78 BtnHnd.exe [3676.3680] ZwLoadDriver
SSDT 86556D14 BtnHnd.exe [3676.3680] ZwOpenKey
SSDT 86556A4E BtnHnd.exe [3676.3680] ZwOpenProcess
SSDT 86556AD6 BtnHnd.exe [3676.3680] ZwOpenThread
SSDT 8655738B BtnHnd.exe [3676.3680] ZwProtectVirtualMemory
SSDT 86557562 BtnHnd.exe [3676.3680] ZwQueryDirectoryFile
SSDT 865568FB BtnHnd.exe [3676.3680] ZwQuerySystemInformation
SSDT 8655729F BtnHnd.exe [3676.3680] ZwReadVirtualMemory
SSDT 88B21980 BtnHnd.exe [3676.3680] ZwResumeThread
SSDT 86556CA1 BtnHnd.exe [3676.3680] ZwSetContextThread
SSDT 86557034 BtnHnd.exe [3676.3680] ZwSetValueKey
SSDT 86554C9F BtnHnd.exe [3676.3680] ZwShutdownSystem
SSDT 86556C2E BtnHnd.exe [3676.3680] ZwSuspendThread
SSDT 86556BBB BtnHnd.exe [3676.3680] ZwTerminateThread
SSDT 86557315 BtnHnd.exe [3676.3680] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread BtnHnd.exe [3676:3760] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 BtnHnd.exe [3676.3760] ZwAlpcConnectPort
SSDT 88B892D0 BtnHnd.exe [3676.3760] ZwCreateThread
SSDT 86557146 BtnHnd.exe [3676.3760] ZwDeleteValueKey
SSDT 86556DDE BtnHnd.exe [3676.3760] ZwEnumerateKey
SSDT 86556EF7 BtnHnd.exe [3676.3760] ZwEnumerateValueKey
SSDT 88A73C78 BtnHnd.exe [3676.3760] ZwLoadDriver
SSDT 86556D14 BtnHnd.exe [3676.3760] ZwOpenKey
SSDT 86556A4E BtnHnd.exe [3676.3760] ZwOpenProcess
SSDT 86556AD6 BtnHnd.exe [3676.3760] ZwOpenThread
SSDT 8655738B BtnHnd.exe [3676.3760] ZwProtectVirtualMemory
SSDT 86557562 BtnHnd.exe [3676.3760] ZwQueryDirectoryFile
SSDT 865568FB BtnHnd.exe [3676.3760] ZwQuerySystemInformation
SSDT 8655729F BtnHnd.exe [3676.3760] ZwReadVirtualMemory
SSDT 88B21980 BtnHnd.exe [3676.3760] ZwResumeThread
SSDT 86556CA1 BtnHnd.exe [3676.3760] ZwSetContextThread
SSDT 86557034 BtnHnd.exe [3676.3760] ZwSetValueKey
SSDT 86554C9F BtnHnd.exe [3676.3760] ZwShutdownSystem
SSDT 86556C2E BtnHnd.exe [3676.3760] ZwSuspendThread
SSDT 86556BBB BtnHnd.exe [3676.3760] ZwTerminateThread
SSDT 86557315 BtnHnd.exe [3676.3760] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread BtnHnd.exe [3676:4048] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 BtnHnd.exe [3676.4048] ZwAlpcConnectPort
SSDT 88B892D0 BtnHnd.exe [3676.4048] ZwCreateThread
SSDT 86557146 BtnHnd.exe [3676.4048] ZwDeleteValueKey
SSDT 86556DDE BtnHnd.exe [3676.4048] ZwEnumerateKey
SSDT 86556EF7 BtnHnd.exe [3676.4048] ZwEnumerateValueKey
SSDT 88A73C78 BtnHnd.exe [3676.4048] ZwLoadDriver
SSDT 86556D14 BtnHnd.exe [3676.4048] ZwOpenKey
SSDT 86556A4E BtnHnd.exe [3676.4048] ZwOpenProcess
SSDT 86556AD6 BtnHnd.exe [3676.4048] ZwOpenThread
SSDT 8655738B BtnHnd.exe [3676.4048] ZwProtectVirtualMemory
SSDT 86557562 BtnHnd.exe [3676.4048] ZwQueryDirectoryFile
SSDT 865568FB BtnHnd.exe [3676.4048] ZwQuerySystemInformation
SSDT 8655729F BtnHnd.exe [3676.4048] ZwReadVirtualMemory
SSDT 88B21980 BtnHnd.exe [3676.4048] ZwResumeThread
SSDT 86556CA1 BtnHnd.exe [3676.4048] ZwSetContextThread
SSDT 86557034 BtnHnd.exe [3676.4048] ZwSetValueKey
SSDT 86554C9F BtnHnd.exe [3676.4048] ZwShutdownSystem
SSDT 86556C2E BtnHnd.exe [3676.4048] ZwSuspendThread
SSDT 86556BBB BtnHnd.exe [3676.4048] ZwTerminateThread
SSDT 86557315 BtnHnd.exe [3676.4048] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread PDVDServ.exe [3780:3784] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 PDVDServ.exe [3780.3784] ZwAlpcConnectPort
SSDT 88B892D0 PDVDServ.exe [3780.3784] ZwCreateThread
SSDT 86557146 PDVDServ.exe [3780.3784] ZwDeleteValueKey
SSDT 86556DDE PDVDServ.exe [3780.3784] ZwEnumerateKey
SSDT 86556EF7 PDVDServ.exe [3780.3784] ZwEnumerateValueKey
SSDT 88A73C78 PDVDServ.exe [3780.3784] ZwLoadDriver
SSDT 86556D14 PDVDServ.exe [3780.3784] ZwOpenKey
SSDT 86556A4E PDVDServ.exe [3780.3784] ZwOpenProcess
SSDT 86556AD6 PDVDServ.exe [3780.3784] ZwOpenThread
SSDT 8655738B PDVDServ.exe [3780.3784] ZwProtectVirtualMemory
SSDT 86557562 PDVDServ.exe [3780.3784] ZwQueryDirectoryFile
SSDT 865568FB PDVDServ.exe [3780.3784] ZwQuerySystemInformation
SSDT 8655729F PDVDServ.exe [3780.3784] ZwReadVirtualMemory
SSDT 88B21980 PDVDServ.exe [3780.3784] ZwResumeThread
SSDT 86556CA1 PDVDServ.exe [3780.3784] ZwSetContextThread
SSDT 86557034 PDVDServ.exe [3780.3784] ZwSetValueKey
SSDT 86554C9F PDVDServ.exe [3780.3784] ZwShutdownSystem
SSDT 86556C2E PDVDServ.exe [3780.3784] ZwSuspendThread
SSDT 86556BBB PDVDServ.exe [3780.3784] ZwTerminateThread
SSDT 86557315 PDVDServ.exe [3780.3784] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread PDVDServ.exe [3780:5236] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 PDVDServ.exe [3780.5236] ZwAlpcConnectPort
SSDT 88B892D0 PDVDServ.exe [3780.5236] ZwCreateThread
SSDT 86557146 PDVDServ.exe [3780.5236] ZwDeleteValueKey
SSDT 86556DDE PDVDServ.exe [3780.5236] ZwEnumerateKey
SSDT 86556EF7 PDVDServ.exe [3780.5236] ZwEnumerateValueKey
SSDT 88A73C78 PDVDServ.exe [3780.5236] ZwLoadDriver
SSDT 86556D14 PDVDServ.exe [3780.5236] ZwOpenKey
SSDT 86556A4E PDVDServ.exe [3780.5236] ZwOpenProcess
SSDT 86556AD6 PDVDServ.exe [3780.5236] ZwOpenThread
SSDT 8655738B PDVDServ.exe [3780.5236] ZwProtectVirtualMemory
SSDT 86557562 PDVDServ.exe [3780.5236] ZwQueryDirectoryFile
SSDT 865568FB PDVDServ.exe [3780.5236] ZwQuerySystemInformation
SSDT 8655729F PDVDServ.exe [3780.5236] ZwReadVirtualMemory
SSDT 88B21980 PDVDServ.exe [3780.5236] ZwResumeThread
SSDT 86556CA1 PDVDServ.exe [3780.5236] ZwSetContextThread
SSDT 86557034 PDVDServ.exe [3780.5236] ZwSetValueKey
SSDT 86554C9F PDVDServ.exe [3780.5236] ZwShutdownSystem
SSDT 86556C2E PDVDServ.exe [3780.5236] ZwSuspendThread
SSDT 86556BBB PDVDServ.exe [3780.5236] ZwTerminateThread
SSDT 86557315 PDVDServ.exe [3780.5236] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:3832] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.3832] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.3832] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.3832] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.3832] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.3832] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.3832] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.3832] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.3832] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.3832] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.3832] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.3832] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.3832] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.3832] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.3832] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.3832] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.3832] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.3832] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.3832] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.3832] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.3832] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4020] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4020] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4020] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4020] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4020] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4020] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4020] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4020] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4020] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4020] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4020] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4020] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4020] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4020] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4020] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4020] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4020] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4020] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4020] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4020] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4020] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4032] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4032] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4032] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4032] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4032] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4032] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4032] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4032] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4032] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4032] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4032] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4032] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4032] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4032] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4032] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4032] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4032] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4032] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4032] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4032] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4032] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4040] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4040] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4040] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4040] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4040] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4040] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4040] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4040] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4040] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4040] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4040] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4040] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4040] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4040] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4040] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4040] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4040] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4040] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4040] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4040] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4040] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4060] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4060] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4060] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4060] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4060] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4060] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4060] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4060] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4060] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4060] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4060] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4060] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4060] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4060] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4060] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4060] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4060] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4060] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4060] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4060] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4060] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4068] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4068] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4068] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4068] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4068] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4068] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4068] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4068] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4068] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4068] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4068] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4068] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4068] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4068] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4068] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4068] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4068] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4068] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4068] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4068] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4068] ZwWriteVirtualMemory





#13 jnh2opolo5

Posted 25 October 2010 - 06:12 PM

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:4072] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.4072] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.4072] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.4072] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.4072] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.4072] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.4072] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.4072] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.4072] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.4072] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.4072] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.4072] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.4072] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.4072] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.4072] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.4072] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.4072] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.4072] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.4072] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.4072] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.4072] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread ATSwpNav.exe [3828:3116] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 ATSwpNav.exe [3828.3116] ZwAlpcConnectPort
SSDT 88B892D0 ATSwpNav.exe [3828.3116] ZwCreateThread
SSDT 86557146 ATSwpNav.exe [3828.3116] ZwDeleteValueKey
SSDT 86556DDE ATSwpNav.exe [3828.3116] ZwEnumerateKey
SSDT 86556EF7 ATSwpNav.exe [3828.3116] ZwEnumerateValueKey
SSDT 88A73C78 ATSwpNav.exe [3828.3116] ZwLoadDriver
SSDT 86556D14 ATSwpNav.exe [3828.3116] ZwOpenKey
SSDT 86556A4E ATSwpNav.exe [3828.3116] ZwOpenProcess
SSDT 86556AD6 ATSwpNav.exe [3828.3116] ZwOpenThread
SSDT 8655738B ATSwpNav.exe [3828.3116] ZwProtectVirtualMemory
SSDT 86557562 ATSwpNav.exe [3828.3116] ZwQueryDirectoryFile
SSDT 865568FB ATSwpNav.exe [3828.3116] ZwQuerySystemInformation
SSDT 8655729F ATSwpNav.exe [3828.3116] ZwReadVirtualMemory
SSDT 88B21980 ATSwpNav.exe [3828.3116] ZwResumeThread
SSDT 86556CA1 ATSwpNav.exe [3828.3116] ZwSetContextThread
SSDT 86557034 ATSwpNav.exe [3828.3116] ZwSetValueKey
SSDT 86554C9F ATSwpNav.exe [3828.3116] ZwShutdownSystem
SSDT 86556C2E ATSwpNav.exe [3828.3116] ZwSuspendThread
SSDT 86556BBB ATSwpNav.exe [3828.3116] ZwTerminateThread
SSDT 86557315 ATSwpNav.exe [3828.3116] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3844] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3844] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3844] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3844] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3844] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3844] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3844] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3844] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3844] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3844] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3844] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3844] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3844] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3844] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3844] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3844] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3844] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3844] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3844] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3844] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3844] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3924] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3924] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3924] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3924] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3924] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3924] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3924] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3924] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3924] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3924] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3924] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3924] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3924] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3924] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3924] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3924] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3924] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3924] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3924] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3924] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3924] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3928] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3928] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3928] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3928] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3928] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3928] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3928] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3928] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3928] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3928] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3928] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3928] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3928] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3928] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3928] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3928] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3928] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3928] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3928] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3928] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3928] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3952] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3952] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3952] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3952] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3952] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3952] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3952] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3952] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3952] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3952] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3952] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3952] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3952] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3952] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3952] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3952] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3952] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3952] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3952] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3952] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3952] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3956] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3956] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3956] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3956] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3956] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3956] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3956] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3956] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3956] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3956] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3956] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3956] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3956] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3956] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3956] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3956] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3956] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3956] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3956] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3956] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3956] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread opvapp.exe [3840:3960] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 opvapp.exe [3840.3960] ZwAlpcConnectPort
SSDT 88B892D0 opvapp.exe [3840.3960] ZwCreateThread
SSDT 86557146 opvapp.exe [3840.3960] ZwDeleteValueKey
SSDT 86556DDE opvapp.exe [3840.3960] ZwEnumerateKey
SSDT 86556EF7 opvapp.exe [3840.3960] ZwEnumerateValueKey
SSDT 88A73C78 opvapp.exe [3840.3960] ZwLoadDriver
SSDT 86556D14 opvapp.exe [3840.3960] ZwOpenKey
SSDT 86556A4E opvapp.exe [3840.3960] ZwOpenProcess
SSDT 86556AD6 opvapp.exe [3840.3960] ZwOpenThread
SSDT 8655738B opvapp.exe [3840.3960] ZwProtectVirtualMemory
SSDT 86557562 opvapp.exe [3840.3960] ZwQueryDirectoryFile
SSDT 865568FB opvapp.exe [3840.3960] ZwQuerySystemInformation
SSDT 8655729F opvapp.exe [3840.3960] ZwReadVirtualMemory
SSDT 88B21980 opvapp.exe [3840.3960] ZwResumeThread
SSDT 86556CA1 opvapp.exe [3840.3960] ZwSetContextThread
SSDT 86557034 opvapp.exe [3840.3960] ZwSetValueKey
SSDT 86554C9F opvapp.exe [3840.3960] ZwShutdownSystem
SSDT 86556C2E opvapp.exe [3840.3960] ZwSuspendThread
SSDT 86556BBB opvapp.exe [3840.3960] ZwTerminateThread
SSDT 86557315 opvapp.exe [3840.3960] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread scureapp.exe [3848:3852] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 scureapp.exe [3848.3852] ZwAlpcConnectPort
SSDT 88B892D0 scureapp.exe [3848.3852] ZwCreateThread
SSDT 86557146 scureapp.exe [3848.3852] ZwDeleteValueKey
SSDT 86556DDE scureapp.exe [3848.3852] ZwEnumerateKey
SSDT 86556EF7 scureapp.exe [3848.3852] ZwEnumerateValueKey
SSDT 88A73C78 scureapp.exe [3848.3852] ZwLoadDriver
SSDT 86556D14 scureapp.exe [3848.3852] ZwOpenKey
SSDT 86556A4E scureapp.exe [3848.3852] ZwOpenProcess
SSDT 86556AD6 scureapp.exe [3848.3852] ZwOpenThread
SSDT 8655738B scureapp.exe [3848.3852] ZwProtectVirtualMemory
SSDT 86557562 scureapp.exe [3848.3852] ZwQueryDirectoryFile
SSDT 865568FB scureapp.exe [3848.3852] ZwQuerySystemInformation
SSDT 8655729F scureapp.exe [3848.3852] ZwReadVirtualMemory
SSDT 88B21980 scureapp.exe [3848.3852] ZwResumeThread
SSDT 86556CA1 scureapp.exe [3848.3852] ZwSetContextThread
SSDT 86557034 scureapp.exe [3848.3852] ZwSetValueKey
SSDT 86554C9F scureapp.exe [3848.3852] ZwShutdownSystem
SSDT 86556C2E scureapp.exe [3848.3852] ZwSuspendThread
SSDT 86556BBB scureapp.exe [3848.3852] ZwTerminateThread
SSDT 86557315 scureapp.exe [3848.3852] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread scureapp.exe [3848:1856] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 scureapp.exe [3848.1856] ZwAlpcConnectPort
SSDT 88B892D0 scureapp.exe [3848.1856] ZwCreateThread
SSDT 86557146 scureapp.exe [3848.1856] ZwDeleteValueKey
SSDT 86556DDE scureapp.exe [3848.1856] ZwEnumerateKey
SSDT 86556EF7 scureapp.exe [3848.1856] ZwEnumerateValueKey
SSDT 88A73C78 scureapp.exe [3848.1856] ZwLoadDriver
SSDT 86556D14 scureapp.exe [3848.1856] ZwOpenKey
SSDT 86556A4E scureapp.exe [3848.1856] ZwOpenProcess
SSDT 86556AD6 scureapp.exe [3848.1856] ZwOpenThread
SSDT 8655738B scureapp.exe [3848.1856] ZwProtectVirtualMemory
SSDT 86557562 scureapp.exe [3848.1856] ZwQueryDirectoryFile
SSDT 865568FB scureapp.exe [3848.1856] ZwQuerySystemInformation
SSDT 8655729F scureapp.exe [3848.1856] ZwReadVirtualMemory
SSDT 88B21980 scureapp.exe [3848.1856] ZwResumeThread
SSDT 86556CA1 scureapp.exe [3848.1856] ZwSetContextThread
SSDT 86557034 scureapp.exe [3848.1856] ZwSetValueKey
SSDT 86554C9F scureapp.exe [3848.1856] ZwShutdownSystem
SSDT 86556C2E scureapp.exe [3848.1856] ZwSuspendThread
SSDT 86556BBB scureapp.exe [3848.1856] ZwTerminateThread
SSDT 86557315 scureapp.exe [3848.1856] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread scureapp.exe [3848:3632] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 scureapp.exe [3848.3632] ZwAlpcConnectPort
SSDT 88B892D0 scureapp.exe [3848.3632] ZwCreateThread
SSDT 86557146 scureapp.exe [3848.3632] ZwDeleteValueKey
SSDT 86556DDE scureapp.exe [3848.3632] ZwEnumerateKey
SSDT 86556EF7 scureapp.exe [3848.3632] ZwEnumerateValueKey
SSDT 88A73C78 scureapp.exe [3848.3632] ZwLoadDriver
SSDT 86556D14 scureapp.exe [3848.3632] ZwOpenKey
SSDT 86556A4E scureapp.exe [3848.3632] ZwOpenProcess
SSDT 86556AD6 scureapp.exe [3848.3632] ZwOpenThread
SSDT 8655738B scureapp.exe [3848.3632] ZwProtectVirtualMemory
SSDT 86557562 scureapp.exe [3848.3632] ZwQueryDirectoryFile
SSDT 865568FB scureapp.exe [3848.3632] ZwQuerySystemInformation
SSDT 8655729F scureapp.exe [3848.3632] ZwReadVirtualMemory
SSDT 88B21980 scureapp.exe [3848.3632] ZwResumeThread
SSDT 86556CA1 scureapp.exe [3848.3632] ZwSetContextThread
SSDT 86557034 scureapp.exe [3848.3632] ZwSetValueKey
SSDT 86554C9F scureapp.exe [3848.3632] ZwShutdownSystem
SSDT 86556C2E scureapp.exe [3848.3632] ZwSuspendThread
SSDT 86556BBB scureapp.exe [3848.3632] ZwTerminateThread
SSDT 86557315 scureapp.exe [3848.3632] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread scureapp.exe [3848:3668] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 scureapp.exe [3848.3668] ZwAlpcConnectPort
SSDT 88B892D0 scureapp.exe [3848.3668] ZwCreateThread
SSDT 86557146 scureapp.exe [3848.3668] ZwDeleteValueKey
SSDT 86556DDE scureapp.exe [3848.3668] ZwEnumerateKey
SSDT 86556EF7 scureapp.exe [3848.3668] ZwEnumerateValueKey
SSDT 88A73C78 scureapp.exe [3848.3668] ZwLoadDriver
SSDT 86556D14 scureapp.exe [3848.3668] ZwOpenKey
SSDT 86556A4E scureapp.exe [3848.3668] ZwOpenProcess
SSDT 86556AD6 scureapp.exe [3848.3668] ZwOpenThread
SSDT 8655738B scureapp.exe [3848.3668] ZwProtectVirtualMemory
SSDT 86557562 scureapp.exe [3848.3668] ZwQueryDirectoryFile
SSDT 865568FB scureapp.exe [3848.3668] ZwQuerySystemInformation
SSDT 8655729F scureapp.exe [3848.3668] ZwReadVirtualMemory
SSDT 88B21980 scureapp.exe [3848.3668] ZwResumeThread
SSDT 86556CA1 scureapp.exe [3848.3668] ZwSetContextThread
SSDT 86557034 scureapp.exe [3848.3668] ZwSetValueKey
SSDT 86554C9F scureapp.exe [3848.3668] ZwShutdownSystem
SSDT 86556C2E scureapp.exe [3848.3668] ZwSuspendThread
SSDT 86556BBB scureapp.exe [3848.3668] ZwTerminateThread
SSDT 86557315 scureapp.exe [3848.3668] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread scureapp.exe [3848:3648] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 scureapp.exe [3848.3648] ZwAlpcConnectPort
SSDT 88B892D0 scureapp.exe [3848.3648] ZwCreateThread
SSDT 86557146 scureapp.exe [3848.3648] ZwDeleteValueKey
SSDT 86556DDE scureapp.exe [3848.3648] ZwEnumerateKey

#14 jnh2opolo5

Posted 25 October 2010 - 06:18 PM

---- Threads - GMER 1.0.15 ----

SSDT 86557315 googletalk.exe [3944.2740] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread googletalk.exe [3944:4544] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 googletalk.exe [3944.4544] ZwAlpcConnectPort
SSDT 88B892D0 googletalk.exe [3944.4544] ZwCreateThread
SSDT 86557146 googletalk.exe [3944.4544] ZwDeleteValueKey
SSDT 86556DDE googletalk.exe [3944.4544] ZwEnumerateKey
SSDT 86556EF7 googletalk.exe [3944.4544] ZwEnumerateValueKey
SSDT 88A73C78 googletalk.exe [3944.4544] ZwLoadDriver
SSDT 86556D14 googletalk.exe [3944.4544] ZwOpenKey
SSDT 86556A4E googletalk.exe [3944.4544] ZwOpenProcess
SSDT 86556AD6 googletalk.exe [3944.4544] ZwOpenThread
SSDT 8655738B googletalk.exe [3944.4544] ZwProtectVirtualMemory
SSDT 86557562 googletalk.exe [3944.4544] ZwQueryDirectoryFile
SSDT 865568FB googletalk.exe [3944.4544] ZwQuerySystemInformation
SSDT 8655729F googletalk.exe [3944.4544] ZwReadVirtualMemory
SSDT 88B21980 googletalk.exe [3944.4544] ZwResumeThread
SSDT 86556CA1 googletalk.exe [3944.4544] ZwSetContextThread
SSDT 86557034 googletalk.exe [3944.4544] ZwSetValueKey
SSDT 86554C9F googletalk.exe [3944.4544] ZwShutdownSystem
SSDT 86556C2E googletalk.exe [3944.4544] ZwSuspendThread
SSDT 86556BBB googletalk.exe [3944.4544] ZwTerminateThread
SSDT 86557315 googletalk.exe [3944.4544] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread QTTask.exe [3972:3976] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 QTTask.exe [3972.3976] ZwAlpcConnectPort
SSDT 88B892D0 QTTask.exe [3972.3976] ZwCreateThread
SSDT 86557146 QTTask.exe [3972.3976] ZwDeleteValueKey
SSDT 86556DDE QTTask.exe [3972.3976] ZwEnumerateKey
SSDT 86556EF7 QTTask.exe [3972.3976] ZwEnumerateValueKey
SSDT 88A73C78 QTTask.exe [3972.3976] ZwLoadDriver
SSDT 86556D14 QTTask.exe [3972.3976] ZwOpenKey
SSDT 86556A4E QTTask.exe [3972.3976] ZwOpenProcess
SSDT 86556AD6 QTTask.exe [3972.3976] ZwOpenThread
SSDT 8655738B QTTask.exe [3972.3976] ZwProtectVirtualMemory
SSDT 86557562 QTTask.exe [3972.3976] ZwQueryDirectoryFile
SSDT 865568FB QTTask.exe [3972.3976] ZwQuerySystemInformation
SSDT 8655729F QTTask.exe [3972.3976] ZwReadVirtualMemory
SSDT 88B21980 QTTask.exe [3972.3976] ZwResumeThread
SSDT 86556CA1 QTTask.exe [3972.3976] ZwSetContextThread
SSDT 86557034 QTTask.exe [3972.3976] ZwSetValueKey
SSDT 86554C9F QTTask.exe [3972.3976] ZwShutdownSystem
SSDT 86556C2E QTTask.exe [3972.3976] ZwSuspendThread
SSDT 86556BBB QTTask.exe [3972.3976] ZwTerminateThread
SSDT 86557315 QTTask.exe [3972.3976] ZwWriteVirtualMemory
SSDT 88A73ED8 AdobeARM.exe [4012.4016] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.4016] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.4016] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.4016] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.4016] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.4016] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.4016] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.4016] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.4016] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.4016] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.4016] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.4016] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.4016] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.4016] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.4016] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.4016] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.4016] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.4016] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.4016] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.4016] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread AdobeARM.exe [4012:1808] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 AdobeARM.exe [4012.1808] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.1808] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.1808] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.1808] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.1808] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.1808] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.1808] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.1808] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.1808] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.1808] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.1808] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.1808] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.1808] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.1808] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.1808] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.1808] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.1808] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.1808] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.1808] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.1808] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread AdobeARM.exe [4012:3104] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 AdobeARM.exe [4012.3104] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.3104] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.3104] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.3104] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.3104] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.3104] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.3104] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.3104] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.3104] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.3104] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.3104] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.3104] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.3104] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.3104] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.3104] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.3104] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.3104] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.3104] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.3104] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.3104] ZwWriteVirtualMemory
SSDT 88A73ED8 AdobeARM.exe [4012.4076] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.4076] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.4076] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.4076] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.4076] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.4076] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.4076] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.4076] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.4076] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.4076] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.4076] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.4076] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.4076] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.4076] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.4076] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.4076] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.4076] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.4076] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.4076] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.4076] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread AdobeARM.exe [4012:1392] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 AdobeARM.exe [4012.1392] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.1392] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.1392] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.1392] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.1392] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.1392] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.1392] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.1392] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.1392] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.1392] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.1392] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.1392] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.1392] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.1392] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.1392] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.1392] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.1392] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.1392] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.1392] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.1392] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread AdobeARM.exe [4012:4896] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 AdobeARM.exe [4012.4896] ZwAlpcConnectPort
SSDT 88B892D0 AdobeARM.exe [4012.4896] ZwCreateThread
SSDT 86557146 AdobeARM.exe [4012.4896] ZwDeleteValueKey
SSDT 86556DDE AdobeARM.exe [4012.4896] ZwEnumerateKey
SSDT 86556EF7 AdobeARM.exe [4012.4896] ZwEnumerateValueKey
SSDT 88A73C78 AdobeARM.exe [4012.4896] ZwLoadDriver
SSDT 86556D14 AdobeARM.exe [4012.4896] ZwOpenKey
SSDT 86556A4E AdobeARM.exe [4012.4896] ZwOpenProcess
SSDT 86556AD6 AdobeARM.exe [4012.4896] ZwOpenThread
SSDT 8655738B AdobeARM.exe [4012.4896] ZwProtectVirtualMemory
SSDT 86557562 AdobeARM.exe [4012.4896] ZwQueryDirectoryFile
SSDT 865568FB AdobeARM.exe [4012.4896] ZwQuerySystemInformation
SSDT 8655729F AdobeARM.exe [4012.4896] ZwReadVirtualMemory
SSDT 88B21980 AdobeARM.exe [4012.4896] ZwResumeThread
SSDT 86556CA1 AdobeARM.exe [4012.4896] ZwSetContextThread
SSDT 86557034 AdobeARM.exe [4012.4896] ZwSetValueKey
SSDT 86554C9F AdobeARM.exe [4012.4896] ZwShutdownSystem
SSDT 86556C2E AdobeARM.exe [4012.4896] ZwSuspendThread
SSDT 86556BBB AdobeARM.exe [4012.4896] ZwTerminateThread
SSDT 86557315 AdobeARM.exe [4012.4896] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4120] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4120] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4120] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4120] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4120] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4120] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4120] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4120] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4120] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4120] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4120] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4120] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4120] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4120] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4120] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4120] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4120] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4120] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4120] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4120] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4120] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4148] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4148] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4148] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4148] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4148] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4148] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4148] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4148] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4148] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4148] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4148] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4148] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4148] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4148] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4148] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4148] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4148] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4148] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4148] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4148] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4148] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4152] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4152] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4152] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4152] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4152] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4152] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4152] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4152] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4152] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4152] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4152] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4152] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4152] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4152] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4152] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4152] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4152] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4152] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4152] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4152] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4152] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4156] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4156] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4156] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4156] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4156] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4156] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4156] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4156] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4156] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4156] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4156] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4156] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4156] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4156] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4156] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4156] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4156] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4156] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4156] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4156] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4156] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4164] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4164] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4164] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4164] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4164] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4164] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4164] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4164] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4164] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4164] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4164] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4164] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4164] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4164] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4164] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4164] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4164] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4164] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4164] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4164] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4164] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4180] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4180] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4180] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4180] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4180] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4180] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4180] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4180] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4180] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4180] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4180] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4180] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4180] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4180] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4180] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4180] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4180] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4180] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4180] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4180] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4180] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4184] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4184] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4184] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4184] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4184] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4184] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4184] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4184] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4184] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4184] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4184] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4184] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4184] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4184] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4184] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4184] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4184] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4184] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4184] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4184] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4184] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4648] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4648] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4648] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4648] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4648] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4648] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4648] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4648] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4648] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4648] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4648] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4648] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4648] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4648] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4648] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4648] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4648] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4648] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4648] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4648] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4648] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4676] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4676] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4676] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4676] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4676] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4676] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4676] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4676] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4676] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4676] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4676] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4676] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4676] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4676] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4676] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4676] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4676] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4676] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4676] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4676] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4676] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4680] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4680] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4680] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4680] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4680] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4680] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4680] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4680] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4680] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4680] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4680] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4680] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4680] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4680] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4680] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4680] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4680] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4680] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4680] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4680] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4680] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4684] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4684] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4684] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4684] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4684] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4684] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4684] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4684] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4684] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4684] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4684] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4684] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4684] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4684] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4684] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4684] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4684] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4684] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4684] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4684] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4684] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4688] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4688] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4688] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4688] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4688] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4688] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4688] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4688] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4688] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4688] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4688] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4688] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4688] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4688] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4688] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4688] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4688] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4688] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4688] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4688] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4688] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4692] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4692] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4692] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4692] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4692] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4692] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4692] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4692] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4692] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4692] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4692] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4692] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4692] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4692] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4692] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4692] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4692] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4692] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4692] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4692] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4692] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:4908] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.4908] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.4908] ZwCreateThread
SSDT 86557146 CCC.exe [4116.4908] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.4908] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.4908] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.4908] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.4908] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.4908] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.4908] ZwOpenThread
SSDT 8655738B CCC.exe [4116.4908] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.4908] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.4908] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.4908] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.4908] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.4908] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.4908] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.4908] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.4908] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.4908] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.4908] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:5252] SSDT 0x88C31008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.5252] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.5252] ZwCreateThread
SSDT 86557146 CCC.exe [4116.5252] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.5252] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.5252] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.5252] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.5252] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.5252] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.5252] ZwOpenThread
SSDT 8655738B CCC.exe [4116.5252] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.5252] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.5252] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.5252] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.5252] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.5252] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.5252] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.5252] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.5252] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.5252] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.5252] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:5268] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.5268] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.5268] ZwCreateThread
SSDT 86557146 CCC.exe [4116.5268] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.5268] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.5268] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.5268] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.5268] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.5268] ZwOpenProcess
SSDT 86556AD6 CCC.exe [4116.5268] ZwOpenThread
SSDT 8655738B CCC.exe [4116.5268] ZwProtectVirtualMemory
SSDT 86557562 CCC.exe [4116.5268] ZwQueryDirectoryFile
SSDT 865568FB CCC.exe [4116.5268] ZwQuerySystemInformation
SSDT 8655729F CCC.exe [4116.5268] ZwReadVirtualMemory
SSDT 88B21980 CCC.exe [4116.5268] ZwResumeThread
SSDT 86556CA1 CCC.exe [4116.5268] ZwSetContextThread
SSDT 86557034 CCC.exe [4116.5268] ZwSetValueKey
SSDT 86554C9F CCC.exe [4116.5268] ZwShutdownSystem
SSDT 86556C2E CCC.exe [4116.5268] ZwSuspendThread
SSDT 86556BBB CCC.exe [4116.5268] ZwTerminateThread
SSDT 86557315 CCC.exe [4116.5268] ZwWriteVirtualMemory

---- Threads - GMER 1.0.15 ----

Thread CCC.exe [4116:5340] SSDT 0x89131008 != 0x82AF884C

SSDT 88A73ED8 CCC.exe [4116.5340] ZwAlpcConnectPort
SSDT 88B892D0 CCC.exe [4116.5340] ZwCreateThread
SSDT 86557146 CCC.exe [4116.5340] ZwDeleteValueKey
SSDT 86556DDE CCC.exe [4116.5340] ZwEnumerateKey
SSDT 86556EF7 CCC.exe [4116.5340] ZwEnumerateValueKey
SSDT 88A73C78 CCC.exe [4116.5340] ZwLoadDriver
SSDT 86556D14 CCC.exe [4116.5340] ZwOpenKey
SSDT 86556A4E CCC.exe [4116.5340] ZwOpenProcess

#15 jnh2opolo5

Posted 25 October 2010 - 06:20 PM

---- Threads - GMER 1.0.15 ----
