Over 1000 infected objects

#0
01.04.2010, 08:47
Member

Posts: 13
#1 Hi everyone!

My sister gave me her laptop and asked me for help because it stops responding after system startup.
She just spent 9 months in India and went online without any virus protection.
First I tried to scan the laptop with Malwarebytes, but after 20 hours of scanning it froze for good.
Luckily I have an antivirus CD (Anti-Virus Profi Paket), from which the computer was booted and a system scan could be run.
The result: over 1000 infected objects.
Now the computer is running normally again, but there are still viruses on it.
I hope you can help me get rid of them for good.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3939

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

01.04.2010 07:53:14
mbam-log-2010-04-01 (07-53-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 102226
Laufzeit: 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.


GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 08:09:50
Windows 5.1.2600 Service Pack 2
Running: icpjj5cg.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\ufeyypoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwClose [0xACFEB3B0]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwCreateKey [0xACFEC090]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwDeleteKey [0xACFEC1B2]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwDeleteValueKey [0xACFEC1D4]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwOpenKey [0xACFEC118]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwOpenProcess [0xACFEB2D6]
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG) ZwSetValueKey [0xACFEC184]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + 816 8053C74A 4 Bytes CALL ABCF3145 00002692
? vhwe.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\drivers\atapi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? 00002692 Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G DATA Software AG)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G DATA Software AG)
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G DATA Software AG)
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G DATA Software AG)
Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys (G DATA Software AG)
Device \Driver\baxnpbhhvuc \Device\{9DD6AFA1-8646-4720-836B-EDCB1085864A} 00002692

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84D098D4

---- Threads - GMER 1.0.15 ----

Thread System [4:1816] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 System [4.1816] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 System [4.1816] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 System [4.1816] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 System [4.1816] ZwOpenKey [0xABCF210F]
SSDT 00002692 System [4.1816] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 System [4.1816] ZwOpenThread [0xABCF1F01]
SSDT 00002692 System [4.1816] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 System [4.1816] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 System [4.1816] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 System [4.1816] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 System [4.1816] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 System [4.1816] ZwSetValueKey [0xABCF2413]
SSDT 00002692 System [4.1816] ZwSuspendThread [0xABCF2049]
SSDT 00002692 System [4.1816] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 System [4.1816] ZwWriteVirtualMemory [0xABCF2675]

SSDT 00002692 LSASS.EXE [544.1928] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 LSASS.EXE [544.1928] ZwSetValueKey [0xABCF2413]
SSDT 00002692 LSASS.EXE [544.1928] ZwSuspendThread [0xABCF2049]
SSDT 00002692 LSASS.EXE [544.1928] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 LSASS.EXE [544.1928] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread LSASS.EXE [544:1932] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 LSASS.EXE [544.1932] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 LSASS.EXE [544.1932] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 LSASS.EXE [544.1932] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 LSASS.EXE [544.1932] ZwOpenKey [0xABCF210F]
SSDT 00002692 LSASS.EXE [544.1932] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 LSASS.EXE [544.1932] ZwOpenThread [0xABCF1F01]
SSDT 00002692 LSASS.EXE [544.1932] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 LSASS.EXE [544.1932] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 LSASS.EXE [544.1932] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 LSASS.EXE [544.1932] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 LSASS.EXE [544.1932] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 LSASS.EXE [544.1932] ZwSetValueKey [0xABCF2413]
SSDT 00002692 LSASS.EXE [544.1932] ZwSuspendThread [0xABCF2049]
SSDT 00002692 LSASS.EXE [544.1932] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 LSASS.EXE [544.1932] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread LSASS.EXE [544:1936] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 LSASS.EXE [544.1936] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 LSASS.EXE [544.1936] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 LSASS.EXE [544.1936] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 LSASS.EXE [544.1936] ZwOpenKey [0xABCF210F]
SSDT 00002692 LSASS.EXE [544.1936] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 LSASS.EXE [544.1936] ZwOpenThread [0xABCF1F01]
SSDT 00002692 LSASS.EXE [544.1936] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 LSASS.EXE [544.1936] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 LSASS.EXE [544.1936] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 LSASS.EXE [544.1936] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 LSASS.EXE [544.1936] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 LSASS.EXE [544.1936] ZwSetValueKey [0xABCF2413]
SSDT 00002692 LSASS.EXE [544.1936] ZwSuspendThread [0xABCF2049]
SSDT 00002692 LSASS.EXE [544.1936] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 LSASS.EXE [544.1936] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread LSASS.EXE [544:2708] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 LSASS.EXE [544.2708] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 LSASS.EXE [544.2708] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 LSASS.EXE [544.2708] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 LSASS.EXE [544.2708] ZwOpenKey [0xABCF210F]
SSDT 00002692 LSASS.EXE [544.2708] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 LSASS.EXE [544.2708] ZwOpenThread [0xABCF1F01]
SSDT 00002692 LSASS.EXE [544.2708] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 LSASS.EXE [544.2708] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 LSASS.EXE [544.2708] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 LSASS.EXE [544.2708] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 LSASS.EXE [544.2708] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 LSASS.EXE [544.2708] ZwSetValueKey [0xABCF2413]
SSDT 00002692 LSASS.EXE [544.2708] ZwSuspendThread [0xABCF2049]
SSDT 00002692 LSASS.EXE [544.2708] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 LSASS.EXE [544.2708] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1324] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1324] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1324] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1324] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1324] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1324] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1324] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1324] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1324] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1324] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1324] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1324] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1324] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1324] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1324] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1324] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1224] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1224] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1224] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1224] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1224] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1224] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1224] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1224] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1224] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1224] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1224] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1224] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1224] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1224] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1224] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1224] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1328] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1328] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1328] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1328] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1328] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1328] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1328] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1328] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1328] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1328] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1328] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1328] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1328] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1328] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1328] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1328] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1332] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1332] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1332] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1332] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1332] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1332] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1332] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1332] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1332] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1332] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1332] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1332] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1332] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1332] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1332] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1332] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1336] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1336] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1336] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1336] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1336] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1336] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1336] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1336] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1336] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1336] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1336] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1336] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1336] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1336] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1336] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1336] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1340] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1340] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1340] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1340] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1340] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1340] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1340] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1340] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1340] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1340] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1340] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1340] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1340] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1340] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1340] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1340] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1344] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1344] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1344] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1344] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1344] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1344] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1344] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1344] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1344] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1344] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1344] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1344] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1344] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1344] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1344] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1344] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1256] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1256] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1256] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1256] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1256] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1256] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1256] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1256] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1256] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1256] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1256] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1256] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1256] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1256] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1256] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1256] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1388] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1388] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1388] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1388] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1388] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1388] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1388] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1388] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1388] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1388] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1388] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1388] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1388] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1388] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1388] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1388] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1412] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1412] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1412] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1412] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1412] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1412] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1412] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1412] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1412] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1412] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1412] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1412] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1412] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1412] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1412] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1412] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1408] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1408] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1408] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1408] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1408] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1408] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1408] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1408] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1408] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1408] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1408] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1408] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1408] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1408] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1408] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1408] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:1284] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.1284] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.1284] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.1284] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.1284] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.1284] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.1284] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.1284] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.1284] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.1284] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.1284] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.1284] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.1284] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.1284] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.1284] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.1284] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:2268] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.2268] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.2268] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.2268] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.2268] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.2268] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.2268] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.2268] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.2268] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.2268] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.2268] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.2268] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.2268] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.2268] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.2268] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.2268] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [692:2776] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [692.2776] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [692.2776] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [692.2776] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [692.2776] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [692.2776] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [692.2776] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [692.2776] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [692.2776] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [692.2776] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [692.2776] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [692.2776] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [692.2776] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [692.2776] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [692.2776] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [692.2776] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [788:1676] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [788.1676] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [788.1676] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [788.1676] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [788.1676] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [788.1676] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [788.1676] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [788.1676] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [788.1676] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [788.1676] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [788.1676] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [788.1676] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [788.1676] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [788.1676] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [788.1676] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [788.1676] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [788:340] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [788.340] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [788.340] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [788.340] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [788.340] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [788.340] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [788.340] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [788.340] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [788.340] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [788.340] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [788.340] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [788.340] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [788.340] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [788.340] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [788.340] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [788.340] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [788:3208] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [788.3208] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [788.3208] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [788.3208] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [788.3208] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [788.3208] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [788.3208] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [788.3208] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [788.3208] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [788.3208] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [788.3208] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [788.3208] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [788.3208] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [788.3208] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [788.3208] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [788.3208] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1144] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1144] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1144] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1144] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1144] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1144] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1144] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1144] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1144] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1144] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1144] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1144] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1144] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1144] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1144] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1144] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1148] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1148] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1148] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1148] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1148] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1148] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1148] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1148] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1148] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1148] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1148] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1148] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1148] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1148] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1148] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1148] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1168] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1168] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1168] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1168] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1168] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1168] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1168] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1168] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1168] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1168] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1168] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1168] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1168] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1168] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1168] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1168] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1220] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1220] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1220] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1220] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1220] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1220] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1220] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1220] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1220] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1220] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1220] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1220] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1220] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1220] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1220] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1220] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1764] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.1764] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1764] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1764] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1764] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1764] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1764] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1764] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1764] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1764] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1764] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1764] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1764] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1764] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1764] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1764] ZwWriteVirtualMemory [0xABCF2675]

SSDT 00002692 svchost.exe [856.748] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.748] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.748] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.748] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.748] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1500] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.1500] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1500] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1500] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1500] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1500] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1500] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1500] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1500] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1500] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1500] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1500] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1500] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1500] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1500] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1500] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1884] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1884] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1884] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1884] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1884] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1884] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1884] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1884] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1884] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1884] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1884] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1884] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1884] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1884] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1884] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1884] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1896] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.1896] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1896] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1896] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1896] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1896] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1896] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1896] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1896] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1896] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1896] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1896] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1896] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1896] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1896] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1896] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:1904] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.1904] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.1904] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.1904] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.1904] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.1904] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.1904] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.1904] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.1904] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.1904] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.1904] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.1904] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.1904] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.1904] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.1904] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.1904] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2056] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2056] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2056] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2056] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2056] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2056] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2056] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2056] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2056] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2056] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2056] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2056] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2056] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2056] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2056] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2056] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2060] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.2060] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2060] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2060] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2060] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2060] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2060] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2060] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2060] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2060] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2060] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2060] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2060] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2060] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2060] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2060] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2076] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2076] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2076] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2076] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2076] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2076] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2076] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2076] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2076] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2076] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2076] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2076] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2076] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2076] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2076] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2076] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2080] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2080] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2080] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2080] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2080] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2080] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2080] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2080] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2080] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2080] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2080] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2080] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2080] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2080] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2080] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2080] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2084] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2084] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2084] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2084] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2084] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2084] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2084] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2084] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2084] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2084] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2084] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2084] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2084] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2084] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2084] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2084] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2092] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.2092] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2092] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2092] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2092] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2092] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2092] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2092] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2092] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2092] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2092] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2092] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2092] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2092] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2092] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2092] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2096] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2096] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2096] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2096] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2096] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2096] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2096] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2096] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2096] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2096] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2096] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2096] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2096] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2096] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2096] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2096] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2112] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2112] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2112] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2112] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2112] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2112] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2112] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2112] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2112] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2112] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2112] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2112] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2112] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2112] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2112] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2112] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2236] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2236] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2236] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2236] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2236] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2236] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2236] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2236] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2236] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2236] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2236] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2236] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2236] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2236] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2236] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2236] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2240] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2240] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2240] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2240] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2240] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2240] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2240] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2240] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2240] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2240] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2240] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2240] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2240] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2240] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2240] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2240] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2380] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2380] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2380] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2380] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2380] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2380] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2380] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2380] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2380] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2380] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2380] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2380] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2380] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2380] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2380] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2380] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2388] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2388] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2388] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2388] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2388] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2388] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2388] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2388] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2388] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2388] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2388] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2388] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2388] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2388] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2388] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2388] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2392] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2392] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2392] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2392] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2392] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2392] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2392] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2392] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2392] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2392] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2392] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2392] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2392] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2392] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2392] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2392] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2404] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2404] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2404] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2404] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2404] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2404] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2404] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2404] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2404] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2404] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2404] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2404] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2404] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2404] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2404] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2404] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2456] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2456] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2456] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2456] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2456] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2456] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2456] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2456] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2456] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2456] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2456] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2456] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2456] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2456] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2456] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2456] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2588] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2588] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2588] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2588] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2588] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2588] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2588] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2588] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2588] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2588] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2588] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2588] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2588] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2588] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2588] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2588] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2752] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.2752] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2752] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2752] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2752] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2752] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2752] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2752] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2752] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2752] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2752] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2752] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2752] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2752] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2752] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2752] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2756] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2756] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2756] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2756] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2756] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2756] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2756] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2756] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2756] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2756] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2756] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2756] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2756] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2756] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2756] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2756] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:2764] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [856.2764] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.2764] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.2764] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.2764] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.2764] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.2764] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.2764] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.2764] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.2764] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.2764] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.2764] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.2764] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.2764] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.2764] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.2764] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [856:3192] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 svchost.exe [856.3192] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [856.3192] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [856.3192] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [856.3192] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [856.3192] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [856.3192] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [856.3192] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [856.3192] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [856.3192] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [856.3192] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [856.3192] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [856.3192] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [856.3192] ZwSuspendThread [0xABCF2049]
SSDT 00002692 svchost.exe [856.3192] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 svchost.exe [856.3192] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [908:212] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 svchost.exe [908.212] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 svchost.exe [908.212] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 svchost.exe [908.212] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 svchost.exe [908.212] ZwOpenKey [0xABCF210F]
SSDT 00002692 svchost.exe [908.212] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 svchost.exe [908.212] ZwOpenThread [0xABCF1F01]
SSDT 00002692 svchost.exe [908.212] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 svchost.exe [908.212] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 svchost.exe [908.212] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 svchost.exe [908.212] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 svchost.exe [908.212] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 svchost.exe [908.212] ZwSetValueKey [0xABCF2413]
SSDT 00002692 svchost.exe [908.212] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2324] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2324] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2324] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2324] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2328] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2328] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2328] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2356] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2356] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2356] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2360] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2360] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2360] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2364] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2364] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2364] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2408] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2408] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2408] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2412] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2412] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2412] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2568] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2568] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2568] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2584] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2584] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2584] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKProxy.exe [1608:2848] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKProxy.exe [1608.2848] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKProxy.exe [1608.2848] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKService.exe [1648:1680] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKService.exe [1648.1680] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKService.exe [1648.1680] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKService.exe [1648.1680] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKService.exe [1648.1680] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKService.exe [1648.1680] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKService.exe [1648.1680] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKService.exe [1648.1680] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKService.exe [1648.1680] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKService.exe [1648.1680] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKService.exe [1648.1680] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKService.exe [1648.1680] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKService.exe [1648.1680] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKService.exe [1648.1680] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKService.exe [1648.1680] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKService.exe [1648.1680] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKService.exe [1648:2532] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKService.exe [1648.2532] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKService.exe [1648.2532] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKService.exe [1648.2532] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKService.exe [1648.2532] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKService.exe [1648.2532] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKService.exe [1648.2532] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKService.exe [1648.2532] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKService.exe [1648.2532] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKService.exe [1648.2532] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKService.exe [1648.2532] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKService.exe [1648.2532] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKService.exe [1648.2532] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKService.exe [1648.2532] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKService.exe [1648.2532] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKService.exe [1648.2532] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKService.exe [1648:2656] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKService.exe [1648.2656] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKService.exe [1648.2656] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKService.exe [1648.2656] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKService.exe [1648.2656] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKService.exe [1648.2656] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKService.exe [1648.2656] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKService.exe [1648.2656] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKService.exe [1648.2656] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKService.exe [1648.2656] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKService.exe [1648.2656] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKService.exe [1648.2656] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKService.exe [1648.2656] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKService.exe [1648.2656] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKService.exe [1648.2656] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKService.exe [1648.2656] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKService.exe [1648:2808] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKService.exe [1648.2808] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKService.exe [1648.2808] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKService.exe [1648.2808] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKService.exe [1648.2808] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKService.exe [1648.2808] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKService.exe [1648.2808] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKService.exe [1648.2808] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKService.exe [1648.2808] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKService.exe [1648.2808] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKService.exe [1648.2808] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKService.exe [1648.2808] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKService.exe [1648.2808] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKService.exe [1648.2808] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKService.exe [1648.2808] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKService.exe [1648.2808] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:1716] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.1716] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.1716] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:1740] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.1740] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.1740] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:1016] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.1016] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.1016] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:764] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.764] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.764] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2288] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2288] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2288] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2468] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2468] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2468] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2484] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2484] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2484] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2488] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2488] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2488] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2492] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2492] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2492] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2496] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2496] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2496] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2500] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2500] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVKWCtl.exe [1688.2500] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVKWCtl.exe [1688:2504] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVKWCtl.exe [1688.2504] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVKWCtl.exe [1688.2504] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVKWCtl.exe [1688.2504] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WINWORD.EXE [2616.2652] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread WINWORD.EXE [2616:3120] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 WINWORD.EXE [2616.3120] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwOpenKey [0xABCF210F]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwOpenThread [0xABCF1F01]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WINWORD.EXE [2616.3120] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2792] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2792] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2792] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2792] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2792] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2792] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2792] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2792] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2792] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2792] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2792] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2792] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2792] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2792] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2792] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2792] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2796] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2796] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2796] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2796] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2796] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2796] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2796] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2796] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2796] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2796] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2796] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2796] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2796] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2796] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2796] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2796] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2800] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2800] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2800] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2800] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2800] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2800] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2800] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2800] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2800] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2800] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2800] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2800] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2800] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2800] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2800] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2800] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2804] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2804] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2804] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2804] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2804] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2804] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2804] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2804] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2804] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2804] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2804] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2804] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2804] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2804] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2804] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2804] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2812] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2812] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2812] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2812] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2812] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2812] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2812] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2812] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2812] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2812] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2812] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2812] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2812] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2812] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2812] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2812] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2816] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2816] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2816] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2816] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2816] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2816] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2816] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2816] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2816] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2816] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2816] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2816] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2816] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2816] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2816] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2816] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2820] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2820] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2820] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2820] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2820] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2820] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2820] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2820] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2820] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2820] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2820] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2820] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2820] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2820] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2820] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2820] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2836] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2836] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2836] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2836] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2836] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2836] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2836] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2836] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2836] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2836] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2836] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2836] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2836] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2836] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2836] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2836] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2844] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2844] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2844] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2844] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2844] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2844] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2844] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2844] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2844] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2844] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2844] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2844] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2844] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2844] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2844] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2844] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:2884] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.2884] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.2884] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.2884] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.2884] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.2884] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.2884] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.2884] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.2884] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.2884] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.2884] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.2884] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.2884] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.2884] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.2884] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.2884] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3084] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3084] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3084] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3084] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3084] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3084] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3084] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3084] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3084] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3084] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3084] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3084] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3084] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3084] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3084] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3084] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3088] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3088] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3088] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3088] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3088] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3088] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3088] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3088] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3088] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3088] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3088] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3088] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3088] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3088] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3088] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3088] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3092] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3092] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3092] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3092] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3092] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3092] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3092] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3092] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3092] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3092] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3092] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3092] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3092] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3092] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3092] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3092] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3096] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3096] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3096] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3096] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3096] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3096] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3096] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3096] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3096] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3096] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3096] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3096] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3096] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3096] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3096] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3096] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3100] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3100] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3100] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3100] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3100] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3100] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3100] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3100] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3100] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3100] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3100] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3100] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3100] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3100] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3100] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3100] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3104] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3104] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3104] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3104] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3104] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3104] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3104] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3104] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3104] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3104] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3104] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3104] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3104] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3104] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3104] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3104] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3108] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3108] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3108] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3108] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3108] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3108] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3108] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3108] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3108] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3108] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3108] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3108] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3108] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3108] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3108] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3108] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread AVK.exe [2788:3144] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 AVK.exe [2788.3144] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 AVK.exe [2788.3144] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 AVK.exe [2788.3144] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 AVK.exe [2788.3144] ZwOpenKey [0xABCF210F]
SSDT 00002692 AVK.exe [2788.3144] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 AVK.exe [2788.3144] ZwOpenThread [0xABCF1F01]
SSDT 00002692 AVK.exe [2788.3144] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 AVK.exe [2788.3144] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 AVK.exe [2788.3144] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 AVK.exe [2788.3144] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 AVK.exe [2788.3144] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 AVK.exe [2788.3144] ZwSetValueKey [0xABCF2413]
SSDT 00002692 AVK.exe [2788.3144] ZwSuspendThread [0xABCF2049]
SSDT 00002692 AVK.exe [2788.3144] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 AVK.exe [2788.3144] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread WUAUCLT.EXE [2852:2856] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwOpenKey [0xABCF210F]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwOpenThread [0xABCF1F01]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WUAUCLT.EXE [2852.2856] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread WUAUCLT.EXE [2852:2864] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwOpenKey [0xABCF210F]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwOpenThread [0xABCF1F01]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WUAUCLT.EXE [2852.2864] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread WUAUCLT.EXE [2852:2872] SSDT 0x84CD5008 != 0x80501224

SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwOpenKey [0xABCF210F]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwOpenThread [0xABCF1F01]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WUAUCLT.EXE [2852.2872] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread WUAUCLT.EXE [2852:2876] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwOpenKey [0xABCF210F]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwOpenThread [0xABCF1F01]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwSetValueKey [0xABCF2413]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwSuspendThread [0xABCF2049]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 WUAUCLT.EXE [2852.2876] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread msiexec.exe [2892:2896] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 msiexec.exe [2892.2896] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 msiexec.exe [2892.2896] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 msiexec.exe [2892.2896] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 msiexec.exe [2892.2896] ZwOpenKey [0xABCF210F]
SSDT 00002692 msiexec.exe [2892.2896] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 msiexec.exe [2892.2896] ZwOpenThread [0xABCF1F01]
SSDT 00002692 msiexec.exe [2892.2896] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 msiexec.exe [2892.2896] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 msiexec.exe [2892.2896] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 msiexec.exe [2892.2896] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 msiexec.exe [2892.2896] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 msiexec.exe [2892.2896] ZwSetValueKey [0xABCF2413]
SSDT 00002692 msiexec.exe [2892.2896] ZwSuspendThread [0xABCF2049]
SSDT 00002692 msiexec.exe [2892.2896] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 msiexec.exe [2892.2896] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread msiexec.exe [2892:2908] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 msiexec.exe [2892.2908] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 msiexec.exe [2892.2908] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 msiexec.exe [2892.2908] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 msiexec.exe [2892.2908] ZwOpenKey [0xABCF210F]
SSDT 00002692 msiexec.exe [2892.2908] ZwOpenProcess [0xABCF1E79]
SSDT 00002692 msiexec.exe [2892.2908] ZwOpenThread [0xABCF1F01]
SSDT 00002692 msiexec.exe [2892.2908] ZwProtectVirtualMemory [0xABCF26DB]
SSDT 00002692 msiexec.exe [2892.2908] ZwQueryDirectoryFile [0xABCF1CA0]
SSDT 00002692 msiexec.exe [2892.2908] ZwQuerySystemInformation [0xABCF1D73]
SSDT 00002692 msiexec.exe [2892.2908] ZwReadVirtualMemory [0xABCF260F]
SSDT 00002692 msiexec.exe [2892.2908] ZwSetContextThread [0xABCF20AC]
SSDT 00002692 msiexec.exe [2892.2908] ZwSetValueKey [0xABCF2413]
SSDT 00002692 msiexec.exe [2892.2908] ZwSuspendThread [0xABCF2049]
SSDT 00002692 msiexec.exe [2892.2908] ZwTerminateThread [0xABCF1FE6]
SSDT 00002692 msiexec.exe [2892.2908] ZwWriteVirtualMemory [0xABCF2675]

---- Threads - GMER 1.0.15 ----

Thread msiexec.exe [2892:2912] SSDT 0x849F8008 != 0x80501224

SSDT 00002692 msiexec.exe [2892.2912] ZwDeleteValueKey [0xABCF2517]
SSDT 00002692 msiexec.exe [2892.2912] ZwEnumerateKey [0xABCF21C7]
SSDT 00002692 msiexec.exe [2892.2912] ZwEnumerateValueKey [0xABCF22D3]
SSDT 00002692 msiexec.exe [2892.2912] ZwOpenKey [0xABCF210F]
SSDT 00002692 msiexec.exe [2892.2912] ZwOpenProcess [0xABCF1E79]

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\TEMP\wsrpkq.sys (*** hidden *** ) [AUTO] baxnpbhhvuc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@ImagePath \??\C:\WINDOWS\TEMP\wsrpkq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@DisplayName \??\C:\WINDO
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@RulesData 0x03 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@krnl_sleepfreq 0x05 0x00 0x00 0x00
Reg HKLM\SYSTEM\ControlSet001\Services\baxnpbhhvuc@krnl_servers_list 0x68 0x74 0x74 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@ImagePath \??\C:\WINDOWS\TEMP\wsrpkq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@DisplayName \??\C:\WINDO
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@RulesData 0x03 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@krnl_sleepfreq 0x05 0x00 0x00 0x00
Reg HKLM\SYSTEM\CurrentControlSet\Services\baxnpbhhvuc@krnl_servers_list 0x68 0x74 0x74 0x70 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



HJTLog:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 08:12:55, on 01.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\Anti-Virus Profi-Paket\AVK\AVKService.exe
C:\Programme\Anti-Virus Profi-Paket\AVK\AVKWCtl.exe
C:\Programme\Anti-Virus Profi-Paket\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Anti-Virus Profi-Paket\AVK\AVK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\Anti-Virus Profi-Paket\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\Anti-Virus Profi-Paket\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [UStorag] c:\programme\u-storage tools2.5\ustorage.exe sys_auto_run C:\Programme\U-Storage Tools2.5
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\Anti-Virus Profi-Paket\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [keioye] C:\Dokumente und Einstellungen\user\keioye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
O23 - Service: ANTI-VIRUS Profi-Paket Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Scheduler (AVKService) - Unknown owner - C:\Programme\Anti-Virus Profi-Paket\AVK\AVKService.exe
O23 - Service: AntiVirus Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\Anti-Virus Profi-Paket\AVK\AVKWCtl.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6825 bytes


Thank you very much for your help.
Best regards, Claudia
01.04.2010, 14:45
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

There is nothing left to do but reinstall the machine completely from scratch. Rootkits, backdoors.

Follow this guide when doing so.
02.04.2010, 07:55
Member

Thread starter

Posts: 13
#3 Too bad. I had hoped that this could be avoided.
In any case, thank you very much.
Best regards