I'm starting to believe I have a virus or rootkit of some sort, so I've downloaded and scanned my system (multiple times) with Bitdefender, Malwarebytes (with rootkit check enabled), Malwarebytes Anti-Rootkit, and GMER. GMER is the only one that consistently picks up a possible rootkit, and they're different files after I fix the previously detected files. This only happens when I do a quick scan with GMER, as when I do a full scan with GMER it crashes my computer every time on a file named "kfldiuod.sys", which I can't find any information for, except in the Running section of the log. Here are my current GMER logs on the quick scan:
--
GMER 2.2.19882
Rootkit scan 2018-09-22 07:45:58
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\00000046 NVMe____ rev.3D1Q 238.47GB
Running: gmer.exe; Driver: C:\Users\TRAVEL~1\AppData\Local\Temp\kfldiuod.sys
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- System - GMER 2.2 ----
SSDT ZwWaitForDebugEvent fffff80070d25ca0 ntoskrnl.exe [unknown section]
SSDT ZwWaitForKeyedEvent fffff80070bb9000 ntoskrnl.exe [unknown section]
SSDT ZwWaitForMultipleObjects fffff80070ae07a0 ntoskrnl.exe [unknown section]
SSDT ZwWaitForMultipleObjects32 fffff80070b93f50 ntoskrnl.exe [unknown section]
SSDT ZwWaitForSingleObject fffff80070ae16c0 ntoskrnl.exe [unknown section]
SSDT ZwWaitForWorkViaWorkerFactory fffff80070639aa0 ntoskrnl.exe [unknown section]
SSDT ZwWaitHighEventPair fffff80070bca540 ntoskrnl.exe [unknown section]
SSDT ZwWaitLowEventPair fffff80070bca540 ntoskrnl.exe [unknown section]
SSDT ZwWorkerFactoryWorkerReady fffff8007071d670 ntoskrnl.exe [unknown section]
SSDT ZwWriteFile fffff80070b03790 ntoskrnl.exe [unknown section]
SSDT ZwWriteFileGather fffff80070b89cac ntoskrnl.exe [unknown section]
SSDT ZwWriteRequestData fffff80070d5ce30 ntoskrnl.exe [unknown section]
SSDT ZwWriteVirtualMemory fffff80070bb5664 ntoskrnl.exe [unknown section]
SSDT ZwYieldExecution fffff8007070c630 ntoskrnl.exe [unknown section]
---- Threads - GMER 2.2 ----
Thread C:\Windows\system32\csrss.exe [844:1240] fffffd86a3446840
Thread c:\windows\system32\svchost.exe [9372:9760] 00007ffd67897be0
---- Services - GMER 2.2 ----
Service C:\Windows\system32\DRIVERS\atc.sys (*** hidden *** ) [BOOT] atc <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] BcastDVRUserService_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] BluetoothUserService_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] DevicePickerUserSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] DevicesFlowUserSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] PrintWorkflowUserSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_488e6 <-- ROOTKIT !!!
Service C:\Windows\system32\svchost.exe (*** hidden *** ) [AUTO] WpnUserService_488e6 <-- ROOTKIT !!!
---- EOF - GMER 2.2 ----