Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.02.40, on 22/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
D:\Programmi\Utility\FreeProxy\FreeProxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Sicurezza\Tools\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DrvIcon] D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\PRODUT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8647089203
O20 - AppInit_DLLs: d:\progra~1\sicure~1\outpos~1\wl_hook.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Free Proxy Service (FreeProxy) - Unknown owner - D:\Programmi\Utility\FreeProxy\FreeProxy.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9088 bytes
Scan saved at 22.02.40, on 22/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
D:\Programmi\Utility\FreeProxy\FreeProxy.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programmi\Sicurezza\Tools\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DrvIcon] D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Programmi\Sicurezza\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programmi\Sicurezza\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\PRODUT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SICURE~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Programmi\Utility\Babylon\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8647089203
O20 - AppInit_DLLs: d:\progra~1\sicure~1\outpos~1\wl_hook.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Free Proxy Service (FreeProxy) - Unknown owner - D:\Programmi\Utility\FreeProxy\FreeProxy.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9088 bytes
Gmer rootkit
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 22:26:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\kwloipob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF779D1CC]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAE60ABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAE627920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAE606F60]
SSDT F7BF3106 ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAE61E2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAE61EBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAE605D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAE611E40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF779D206]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAE62AF30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAE610B20]
SSDT F7BF310B ZwDeleteKey
SSDT F7BF3115 ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAE61BBB0]
SSDT F7BF311A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAE6116B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAE609C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAE612FC0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF779D51A]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAE606580]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF779D3F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF779D292]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE60B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAE615750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAE615FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAE624ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAE619590]
SSDT F7BF3124 ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAE629A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAE629D70]
SSDT F7BF311F ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAE617C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAE6184D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAE628480]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF779D18E]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAE62B520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAE60CBF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAE61B1C0]
SSDT F7BF3110 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAE623190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAE623AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAE62A770]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF779D64E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF779D316]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAE61C530]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF779D34E]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2540 80501D78 2 Bytes [C0, 2F]
.text ntkrnlpa.exe!ZwCallbackReturn + 25E4 80501E1C 2 Bytes [50, 57] {PUSH EAX; PUSH EDI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2628 80501E60 2 Bytes [A0, 5F]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E9C 2 Bytes [90, 95] {NOP ; XCHG EBP, EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2667 80501E9F 5 Bytes [AE, 24, 31, BF, F7]
.text ...
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DA7000, 0x1B601E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 015A5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009CA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009CA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009CA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009CA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0073A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0073A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0073A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0073A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00B3A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00B3A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00B3A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00B3A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0068A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0068A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0068A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0068A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01955AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C05AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\atmuni.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\rawwan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1301\Shell@ScrollPos1440x900(\21).x 0
---- EOF - GMER 1.0.15 ----
Rootkit scan 2009-11-22 22:26:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\kwloipob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF779D1CC]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAE60ABF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAE627920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAE606F60]
SSDT F7BF3106 ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAE61E2B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAE61EBB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAE605D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAE611E40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF779D206]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAE62AF30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAE610B20]
SSDT F7BF310B ZwDeleteKey
SSDT F7BF3115 ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAE61BBB0]
SSDT F7BF311A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAE6116B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAE609C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAE612FC0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF779D51A]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAE606580]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF779D3F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF779D292]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE60B8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAE615750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAE615FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAE624ED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAE619590]
SSDT F7BF3124 ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAE629A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAE629D70]
SSDT F7BF311F ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAE617C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAE6184D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAE628480]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF779D18E]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAE62B520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAE60CBF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAE61B1C0]
SSDT F7BF3110 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAE623190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAE623AC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAE62A770]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF779D64E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF779D316]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAE61C530]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF779D34E]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2540 80501D78 2 Bytes [C0, 2F]
.text ntkrnlpa.exe!ZwCallbackReturn + 25E4 80501E1C 2 Bytes [50, 57] {PUSH EAX; PUSH EDI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2628 80501E60 2 Bytes [A0, 5F]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E9C 2 Bytes [90, 95] {NOP ; XCHG EBP, EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2667 80501E9F 5 Bytes [AE, 24, 31, BF, F7]
.text ...
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DA7000, 0x1B601E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe[124] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[176] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\TUProgSt.exe[496] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[572] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Drive Icon\DrvIcon.exe[608] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[616] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NotifyPhoneBook.exe[668] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 015A5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009CA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009CA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009CA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avgnt.exe[676] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009CA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0073A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0073A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0073A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\File comuni\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[796] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0073A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[828] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB5AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\Vista Start Menu\VistaStartMenu.exe[1020] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00B3A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00B3A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00B3A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe[1240] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00B3A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[1272] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe[1400] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 D:\PROGRA~1\SICURE~1\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0068A1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0068A174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0068A1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\PSIService.exe[1408] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0068A224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Utility\FreeProxy\FreeProxy.exe[1524] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01955AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Programmi\Prevx\prevx.exe[1696] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1744] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1820] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avguard.exe[2016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\avmailc.exe[2784] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Avira\AntiVir Desktop\AVWEBGRD.EXE[2832] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C05AF0 C:\Programmi\Ray Adams\ATI Tray Tools\raphook.dll
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text D:\Programmi\Sicurezza\Tools\Gmer\gmer.exe[3384] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AA1F8 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AA174 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AA1A0 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[4016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AA224 d:\progra~1\sicure~1\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\atmuni.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\rawwan.sys[NDIS.SYS!NdisOpenAdapter] [F6CC9906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1301\Shell@ScrollPos1440x900(\21).x 0
---- EOF - GMER 1.0.15 ----