GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-05 21:48:02 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250620A rev.3.AAE Running: GMER.exe; Driver: C:\DOCUME~1\DKD'nt\USTAWI~1\Temp\afkyiaod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xB5837B4A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xB5817C16] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xB583A14E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xB580FDA2] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xB5820D92] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xB582F646] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xB583015E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xB580E2FE] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xB5820682] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xB582DCC6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xB581EF26] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xB5822D4E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xB582A7A2] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xB582C666] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xB581FD86] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xB58160CF] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xB5822154] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xB58328B6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xB580ED5E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xB5831B36] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xB5839342] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xB5818C8D] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xB5823B82] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xB582465E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xB5836D92] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xB582969E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xB5826216] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xB583C636] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xB583CC1A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xB5828B6A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xB58276CA] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xB5828112] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xB583AE36] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xB58361B6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xB581ABDE] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xB582B9C2] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xB58251BA] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xB5834EE6] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xB583580E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xB583D81A] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xB583366E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xB5834386] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xB582D23E] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xB58385E6] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 34D 804E29A9 7 Bytes [96, 82, B5, 16, 62, 82, B5] .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [E6, 4E, 83, B5, 0E, 58, 83, ...] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9C34000, 0x1C5D38, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[120] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 013FB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[120] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 013FB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[120] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 013FB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[120] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 013FB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[120] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 013FB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[184] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[184] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[184] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[184] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[184] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\IoctlSvc.exe[332] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\IoctlSvc.exe[332] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\IoctlSvc.exe[332] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\IoctlSvc.exe[332] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\IoctlSvc.exe[332] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[348] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.) .text C:\WINDOWS\system32\HPZipm12.exe[356] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\HPZipm12.exe[356] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\HPZipm12.exe[356] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\HPZipm12.exe[356] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\HPZipm12.exe[356] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Tablet.exe[820] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Tablet.exe[820] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Tablet.exe[820] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Tablet.exe[820] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Tablet.exe[820] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[832] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[832] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[832] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[832] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[832] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Bonjour\mDNSResponder.exe[856] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[940] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[940] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[940] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[940] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[940] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[960] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00A3B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[960] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00A3B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[960] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00A3B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[960] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00A3B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[960] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A3B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[984] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[984] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[984] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[984] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[984] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text G:\ProgramFiles2\nod32\ekrn.exe[1076] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00] .text C:\WINDOWS\system32\Ati2evxx.exe[1180] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1180] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1180] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1180] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1180] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\devldr32.exe[1352] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\devldr32.exe[1352] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\devldr32.exe[1352] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\devldr32.exe[1352] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\devldr32.exe[1352] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1456] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1456] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1456] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1456] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[1456] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1472] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 00AEB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1472] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 00AEB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1472] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 00AEB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1472] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 00AEB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1472] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00AEB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1488] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1488] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1488] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1488] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1488] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1580] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1580] USER32.dll!EnableWindow 7E379849 5 Bytes JMP 00FC1C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1616] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1616] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1616] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1616] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Ati2evxx.exe[1616] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1652] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1652] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1652] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1652] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1652] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[1660] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[1660] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[1660] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[1660] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\ctfmon.exe[1660] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1672] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1672] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1672] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1672] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1672] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Wtablet\TabUserW.exe[1840] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Wtablet\TabUserW.exe[1840] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Wtablet\TabUserW.exe[1840] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Wtablet\TabUserW.exe[1840] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\Wtablet\TabUserW.exe[1840] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1884] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1884] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1884] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1884] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\MICROS~2\rapimgr.exe[1884] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[2024] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[2024] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[2024] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[2024] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[2024] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2320] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[3664] USER32.dll!ChangeDisplaySettingsExA 7E37384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[3664] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[3664] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[3664] USER32.dll!ChangeDisplaySettingsExW 7E3A95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[3664] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9BDC226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B582B6B0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B5812292] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.) ---- EOF - GMER 1.0.15 ----