avast and Windows API hooks

I would like to know which (if any) APIs avast hooks in Windows 7 for the real-time protection features.

A couple of anti-rootkit programs (namely Gmer and Rootkit Buster) showed many API hooks apparently coming from avast. I also ran TDSSKiller, which didn't show any rootkit, which made me believe that the hooks I'm seeing are really from avast.

Could anyone confirm this and provide a list of legit API hooks by avast?

Thanks in advance.

Do you have a virus problem?

OBS: and Gmer rootkit scan is already integrated in avast
http://www.avast.com/pr-avast!-gmer-technology-gets-top-score-in-rootkit-detection-tests

I'm not sure it is a virus. That's what I'm trying to find out.

A full system scan with avast finds nothing, the same happens with Trendmicro Housecall. But as I mentioned before, the last time I checked for rootkits with Rootkit Buster I got a few entries like this:

[HOOKED_SERVICE_API]:
Service API : ZwAddBootEntry
Image Path : C:\Windows\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8313f4be
CurrentHandler : 0x8fa7efc4
ServiceNumber : 0x9
ModuleName : aswSnx.SYS
SDTType : 0x0

I recently installed avast on my Windows 7 machine, so I'm guessing that these are API hooks from avast, but I'm just trying to confirm everything is ok.

Thanks.

if you suspect infection, follow this guide and attach all logs…not copy and paste
http://forum.avast.com/index.php?topic=53253.0

@saos
This: C:\Windows\System32\Drivers\aswSnx.SYS is the avast sandbox driver (avast! Virtualization Driver/AVAST Software).

@saos, yes, avast hooks several system APIs (as do other AVs or security programs). Most hooks are done from the sandbox/autosandbox driver (aswSnx.sys) or behavior shield (aswSP.sys). GMER shows you all hooked APIs and if you scan processes in GMER, then it'll show you our injected DLL (snxhk.dll) in those processes.

yes, @pk and @DavidR, most hooks were from aswSnx.sys, a few from aswSp.sys.

there is also a kernel patch at ZwCreateProcessEx, which I assume is also part of the real-time shields.

thanks.
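
One way to triage a Rootkit Buster log like the one quoted in this thread, added here as an example that is not part of the original posts or avast's own tooling: it parses the [HOOKED_SERVICE_API] records and flags any hook whose driver is not one of the names mentioned in the thread or is loaded from outside System32\Drivers. The second sample record (service name, path and driver name) is constructed, and the function names are assumptions.

```python
import ntpath  # Windows path rules, works on any OS

# Driver names this thread attributes to avast (lower-cased for comparison).
KNOWN_DRIVERS = {"aswsnx.sys", "aswsp.sys"}
DRIVER_DIR = r"c:\windows\system32\drivers"

# First record is the one quoted in the thread; the second is constructed.
SAMPLE_LOG = r"""
[HOOKED_SERVICE_API]:
Service API : ZwAddBootEntry
Image Path : C:\Windows\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8313f4be
CurrentHandler : 0x8fa7efc4
ServiceNumber : 0x9
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwExampleService
Image Path : C:\Users\Public\example.sys
ModuleName : example.sys
"""

def parse_hook_records(text):
    """Return one dict per [HOOKED_SERVICE_API] record in the log text."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, keeps "C:\..."
        if key.strip() == "[HOOKED_SERVICE_API]":
            records.append({})
        elif sep and records:
            records[-1][key.strip()] = value.strip()
    return records

def triage(record):
    """List reasons to look closer; empty does not prove the file is genuine."""
    path = record.get("Image Path", "")
    module = record.get("ModuleName", "").lower()
    reasons = []
    if ntpath.basename(path).lower() != module:
        reasons.append("module name does not match image path")
    if ntpath.dirname(path).lower() != DRIVER_DIR:
        reasons.append("driver loaded from outside System32\\Drivers")
    if module not in KNOWN_DRIVERS:
        reasons.append("driver not in known list")
    return reasons

def report(text):
    # Map each hooked service name to its triage findings.
    return {r.get("Service API", "?"): triage(r) for r in parse_hook_records(text)}
```

A driver that passes these checks should still have its digital signature verified, since a name and path match alone can be imitated.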