http://www.fixitpc.pl/index.php?/forum-6/announcement-3-wazne-zakladanie-tematu-obowiazkowe-logi/

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-04 18:59:22
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3250620A rev.3.AAE
Running: GMER.exe; Driver: C:\DOCUME~1\DKD'nt\USTAWI~1\Temp\afkyiaod.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwAssignProcessToJobObject [0xB2656B4A]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwClose [0xB2636C16]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwConnectPort [0xB265914E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateFile [0xB262EDA2]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateKey [0xB263FD92]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateProcess [0xB264E646]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateProcessEx [0xB264F15E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateSection [0xB262D2FE]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateSymbolicLinkObject [0xB263F682]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwCreateThread [0xB264CCC6]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwDeleteFile [0xB263DF26]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwDeleteKey [0xB2641D4E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwDeleteValueKey [0xB26497A2]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwLoadDriver [0xB264B666]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwMakeTemporaryObject [0xB263ED86]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwOpenFile [0xB26350CF]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwOpenKey [0xB2641154]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwOpenProcess [0xB26518B6]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwOpenSection [0xB262DD5E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwOpenThread [0xB2650B36]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwProtectVirtualMemory [0xB2658342]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwQueryDirectoryFile [0xB2637C8D]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwQueryKey [0xB2642B82]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwQueryValueKey [0xB264365E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwQueueApcThread [0xB2655D92]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwRenameKey [0xB264869E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwReplaceKey [0xB2645216]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwRequestPort [0xB265B636]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwRequestWaitReplyPort [0xB265BC1A]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwRestoreKey [0xB2647B6A]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSaveKey [0xB26466CA]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSaveKeyEx [0xB2647112]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSecureConnectPort [0xB2659E36]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSetContextThread [0xB26551B6]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSetInformationFile [0xB2639BDE]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSetSystemInformation [0xB264A9C2]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSetValueKey [0xB26441BA]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSuspendProcess [0xB2653EE6]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSuspendThread [0xB265480E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwSystemDebugControl [0xB265C81A]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwTerminateProcess [0xB265266E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwTerminateThread [0xB2653386]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwUnloadDriver [0xB264C23E]
SSDT  \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)  ZwWriteVirtualMemory [0xB26575E6]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!_abnormal_termination + 34D  804E29A9 1 Byte  [86]
.text  ntoskrnl.exe!_abnormal_termination + 34D  804E29A9 5 Bytes  [86, 64, B2, 16, 52] {XCHG [EDX+ESI*4+0x16], AH; PUSH EDX}
.text  ntoskrnl.exe!_abnormal_termination + 353  804E29AF 1 Byte  [B2]
.text  ntoskrnl.exe!_abnormal_termination + 37C  804E29D8 2 Bytes  [6A, 7B] {PUSH 0x7b}
.text  ntoskrnl.exe!_abnormal_termination + 37F  804E29DB 1 Byte  [B2]
.text  ...
.text  C:\WINDOWS\system32\DRIVERS\ati2mtag.sys  section is writeable [0xB6913000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\spoolsv.exe[188] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\nod32\ekrn.exe[348] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 4 Bytes  [C2, 04, 00, 00]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[428] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[504] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[504] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[504] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[504] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[504] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[812] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 00A6B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[812] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 00A6B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[812] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 00A6B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[812] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 00A6B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  G:\ProgramFiles2\TortoiseSVN168\bin\TSVNCache.exe[812] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 00A6B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\winlogon.exe[948] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\services.exe[992] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\services.exe[992] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\services.exe[992] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\services.exe[992] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\services.exe[992] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1032] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1032] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1032] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1032] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1032] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1268] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 00B1B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1268] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 00B1B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1268] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 00B1B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1268] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 00B1B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[1268] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 00B1B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[1296] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 013FB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[1296] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 013FB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[1296] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 013FB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[1296] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 013FB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe[1296] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 013FB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\devldr32.exe[1364] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\devldr32.exe[1364] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\devldr32.exe[1364] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\devldr32.exe[1364] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\devldr32.exe[1364] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1404] kernel32.dll!LoadResource  7C80A045 5 Bytes  JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1404] kernel32.dll!SetUnhandledExceptionFilter  7C8449FD 5 Bytes  JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1404] USER32.dll!SetWindowsHookExW  7E37820F 5 Bytes  JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1404] USER32.dll!EnableWindow  7E379849 5 Bytes  JMP 010D1C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[1404] USER32.dll!SetWindowsHookExA  7E381211 5 Bytes  JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text  C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1432] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1432] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1432] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1432] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1432] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\ctfmon.exe[1440] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\ctfmon.exe[1440] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\ctfmon.exe[1440] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\ctfmon.exe[1440] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\ctfmon.exe[1440] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Wtablet\TabUserW.exe[1456] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Wtablet\TabUserW.exe[1456] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Wtablet\TabUserW.exe[1456] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Wtablet\TabUserW.exe[1456] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Wtablet\TabUserW.exe[1456] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[1468] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[1468] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[1468] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[1468] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe[1468] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory  7C90D6D0 5 Bytes  JMP 00BC000A
.text  C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtWriteVirtualMemory  7C90DF90 5 Bytes  JMP 00BD000A
.text  C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher  7C90E45C 5 Bytes  JMP 0074000C
.text  C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!GetCursorPos  7E37974E 5 Bytes  JMP 00FC000A
.text  C:\WINDOWS\System32\svchost.exe[1488] ole32.dll!CoCreateInstance  774F057E 5 Bytes  JMP 00CD000A
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1496] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1496] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1496] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1496] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1496] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1568] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1568] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1568] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1568] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Ati2evxx.exe[1568] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\MICROS~2\rapimgr.exe[1676] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\MICROS~2\rapimgr.exe[1676] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\MICROS~2\rapimgr.exe[1676] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\MICROS~2\rapimgr.exe[1676] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\PROGRA~1\MICROS~2\rapimgr.exe[1676] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\Bonjour\mDNSResponder.exe[1820] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\HPZipm12.exe[1868] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\HPZipm12.exe[1868] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\HPZipm12.exe[1868] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\HPZipm12.exe[1868] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\HPZipm12.exe[1868] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\IoctlSvc.exe[1892] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\IoctlSvc.exe[1892] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\IoctlSvc.exe[1892] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\IoctlSvc.exe[1892] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\IoctlSvc.exe[1892] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!NtProtectVirtualMemory  7C90D6D0 5 Bytes  JMP 01B1000A
.text  C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!NtWriteVirtualMemory  7C90DF90 5 Bytes  JMP 01B2000A
.text  C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!KiUserExceptionDispatcher  7C90E45C 5 Bytes  JMP 01B0000C
.text  C:\WINDOWS\Explorer.EXE[2044] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\Explorer.EXE[2044] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\Explorer.EXE[2044] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\Explorer.EXE[2044] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\Explorer.EXE[2044] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Tablet.exe[2184] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Tablet.exe[2184] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Tablet.exe[2184] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Tablet.exe[2184] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\WINDOWS\system32\Tablet.exe[2184] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2428] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2428] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2428] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2428] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2428] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[4076] USER32.dll!ChangeDisplaySettingsExA  7E37384E 5 Bytes  JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[4076] USER32.dll!SetForegroundWindow  7E3742ED 5 Bytes  JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[4076] USER32.dll!SetWindowPos  7E3799F3 5 Bytes  JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[4076] USER32.dll!ChangeDisplaySettingsExW  7E3A95BD 5 Bytes  JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text  C:\Documents and Settings\DKD'nt\Pulpit\GMER.exe[4076] USER32.dll!EndTask  7E3AA0A5 5 Bytes  JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]  [B68BB226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]  [B264A6B0] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)
IAT  \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]  [B2631292] \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys (Amon monitor/ESET)
Device  \Driver\Tcpip \Device\Ip  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\Tcp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
Device  \Driver\atapi -> DriverStartIo  \Device\Ide\IdeDeviceP1T1L0-17  89B1C39B
Device  \Driver\atapi -> DriverStartIo  \Device\Ide\IdePort0  89B1C39B
Device  \Driver\atapi -> DriverStartIo  \Device\Ide\IdePort1  89B1C39B
Device  \Driver\atapi -> DriverStartIo  \Device\Ide\IdeDeviceP1T0L0-f  89B1C39B
Device  \Driver\Tcpip \Device\Udp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\RawIp  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Driver\Tcpip \Device\IPMULTICAST  afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device  \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250620A______________________________3.AAE___#5&19dbf0e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Disk sectors - GMER 1.0.15 ----

Disk  \Device\Harddisk0\DR0  sector 01: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 02: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 03: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 04: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 05: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 06: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 07: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 10: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 32: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 33: rootkit-like behavior;
Disk  \Device\Harddisk0\DR0  sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----