As the subject says, there are several problems, all of which started when I switched from Avast to Avira...
First of all, the speed of my Tiscali 6 Mega connection today is on average this
The antivirus refuses to update because the line keeps dropping.
Until 3 days ago everything worked perfectly. Today I ran a full scan with Avira using the settings suggested on the HW Upgrade forum (from which I also downloaded the program via the suggested link, since I couldn't manage it from your site), then scans with Spybot and a-squared; everything seems clean...
I rebooted and the firewall warned that AVIRA HAS CHANGED.
I allowed the change and tried updating, still with no result.
I ran an analysis with HijackThis and submitted the log to the automatic analysis, and this came out
I also ran a scan with GMER, but I don't understand much of it (to put it mildly)...
I'm attaching the HijackThis and GMER logs for anyone who feels like taking a look.
Other oddities, for now: some applications struggle to close, often with Windows "the application is not responding" dialogs, Task Manager refuses to close, and the OS is also rather slow to shut down.
Logfile of HijackThis v1.99.1
Scan saved at 18.23.59, on 10/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7732742527
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5657661338
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Programmi\Tall Emu\Online Armor\oasrv.exe
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAllocateVirtualMemory [0xBD7E5070]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAssignProcessToJobObject [0xBD7E54A0]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwConnectPort [0xEB5575BE]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateFile [0xBD7E6750]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateKey [0xBD7E7240]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS (Jetico Personal Firewall TDI Filter Driver/Jetico, Inc.) ZwCreatePort [0xEB55750E]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateProcess [0xBD7E55D0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateSection [0xBD7E3360]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateThread [0xBD7E3BA0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteFile [0xBD7E6D00]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteKey [0xBD7E61D0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteValueKey [0xBD7E7A20]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateKey [0xBD7E6730]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateValueKey [0xBD7E6740]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwLoadDriver [0xBD7E4EE0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwLoadKey [0xBD7E7D90]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenFile [0xBD7E6A60]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenKey [0xBD7E6380]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenProcess [0xBD7E3900]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenSection [0xBD7E3590]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenThread [0xBD7E3D70]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwProtectVirtualMemory [0xBD7E51E0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryKey [0xBD7E6710]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryValueKey [0xBD7E6720]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwReplaceKey [0xBD7E6390]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRequestWaitReplyPort [0xBD7E4BE0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRestoreKey [0xBD7E6550]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwResumeThread [0xBD7E45D0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSaveKey [0xBD7E6700]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetContextThread [0xBD7E40D0]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetInformationFile [0xBD7E6F60]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetValueKey [0xBD7E7540]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwShutdownSystem [0xBD7E4E20]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSuspendThread [0xBD7E4470]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSystemDebugControl [0xBD7E4350]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwTerminateProcess [0xBD7E3A50]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwTerminateThread [0xBD7E3F60]
SSDT \??\C:\WINNT\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwWriteVirtualMemory [0xBD7E5340]
---- Kernel code sections - GMER 1.0.14 ----
? C:\DOCUME~1\DEFAUL~1\IMPOST~1\Temp\mc21.tmp Impossibile trovare il file specificato. !
.text NTDLL.DLL!NtClose 784681F8 5 Bytes JMP 72049770
.text NTDLL.DLL!NtCreateFile 78468278 5 Bytes JMP 7204A570
.text NTDLL.DLL!NtCreateKey 784682A8 5 Bytes JMP 7204ADA0
.text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes JMP 7204AE30
.text NTDLL.DLL!NtCreateSection 78468328 5 Bytes JMP 72049A40
.text NTDLL.DLL!NtLoadDriver 784685BC 5 Bytes JMP 7204A1E0
.text NTDLL.DLL!NtSetValueKey 78468DDC 5 Bytes JMP 7204AD10
.text NTDLL.DLL!NtWriteFile 78468F38 5 Bytes JMP 7204A3D0
---- User code sections - GMER 1.0.14 ----
.text C:\WINNT\system32\mspaint.exe[524] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\mspaint.exe[524] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\WINNT\system32\mspaint.exe[524] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\mspaint.exe[524] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\mspaint.exe[524] USER32.dll!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\nvsvc32.exe[744] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\WINNT\system32\MSTask.exe[792] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[800] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[800] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[800] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[800] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[800] USER32.DLL!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\svchost.exe[952] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1088] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1088] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1088] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1088] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe[1088] USER32.dll!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] kernel32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1152] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1152] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1152] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1152] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe[1152] USER32.dll!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\mspaint.exe[1292] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\mspaint.exe[1292] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\WINNT\system32\mspaint.exe[1292] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\mspaint.exe[1292] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\mspaint.exe[1292] USER32.dll!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Administrator\Documenti\gmer.exe[1468] KERNEL32.dll!LoadLibraryExW 796D0595 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Administrator\Documenti\gmer.exe[1468] KERNEL32.dll!FreeLibrary + 37 796D08CE 4 Bytes [ 6A, F7, 92, E5 ]
.text C:\Documents and Settings\Administrator\Documenti\gmer.exe[1468] KERNEL32.dll!CreateProcessA 796D5040 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Administrator\Documenti\gmer.exe[1468] KERNEL32.dll!CreateProcessW 796D6981 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Administrator\Documenti\gmer.exe[1468] user32.dll!ExitWindowsEx 77E420E8 6 Bytes JMP 5F0D0F5A
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EB533720] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EB533470] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisGetReceivedPacket] [EB7F18FA] \SystemRoot\System32\Drivers\bc_filter.SYS (Jetico Personal Firewall Network Filter Driver/Jetico, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EB533410] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EB533760] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EB533720] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EB533410] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EB533470] \??\C:\WINNT\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\user32.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oasrv.exe[484] @ C:\WINNT\system32\crypt32.dll [KERNEL32.dll!CreateThread] [0042CC00] C:\Programmi\Tall Emu\Online Armor\oasrv.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\user32.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
IAT C:\Programmi\Tall Emu\Online Armor\oaui.exe[1120] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!CreateThread] [0042D004] C:\Programmi\Tall Emu\Online Armor\oaui.exe
---- Devices - GMER 1.0.14 ----
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\USB_RNDIS \Device\{52DB1F24-9DD9-48B1-9A58-41D462F77E6B} RNDISMPK.SYS (Remote NDIS Miniport/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\Acronis\Acronis True Image Home\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\4D1843403DD3EAE4D9E6ACF4BDE4BDB9@F0A903C4F48B6674DA5FFD70FE03D3B4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\Features@WebPublFiles ]aZF&kXsf(lf*L[_GKba}gbvW,Qmf(G'*L[H+8]b_}IuVaZtf(Cyn.Q2tAE!_{@h=i,nf(R8(L[JO9}X_}M^V8Xqf(Rp)L[_GKbahlT]jI{jf(=1&L[-81-][qFvyQP~f(8Hw.QdFt.0)VWe6E%wf(S5YX%43_cm
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@RegOwner alessandro
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@RegCompany
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@ProductID 12345-111-1111111-13553
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@LocalPackage C:\WINNT\Installer\89fc.msi
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@DisplayVersion 9.50.7522
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@HelpLink http://www.microsoft.com/windows
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@InstallDate 20070204
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@InstallLocation
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@InstallSource C:\WINNT\system32\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Publisher Microsoft Corporation
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@EstimatedSize 2696
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@VersionMajor 9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@VersionMinor 50
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Version 154279266
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@Language 1040
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AD617F6F8933D11581E000540386890\InstallProperties@DisplayName WebFldrs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\Features@App )R{{7qDm}?AJc+-.L+Wp
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@LocalPackage C:\WINNT\Installer\14d65.msi
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@DisplayVersion 1.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@HelpLink http://www.xxx.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@InstallDate 20070204
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@InstallLocation
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@InstallSource C:\WINNT\Downloaded Installations\{F1252331-F51E-4298-851C-30B823D4BD44}\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Publisher nobrand
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Readme
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@EstimatedSize 240
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@URLInfoAbout http://www.xxx.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@URLUpdateInfo http://www.xxx.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@VersionMajor 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@VersionMinor 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@WindowsInstaller 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Version 16777216
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@Language 1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F0A903C4F48B6674DA5FFD70FE03D3B4\InstallProperties@DisplayName USB Remote NDIS Network Device
---- EOF - GMER 1.0.14 ----
OS: W2K SP4
Thanks in advance.