www.MegaLab.it

[riise90]

Salve a tutti.
Purtroppo sono un paio di giorni che ho problemi con il mio Antivir Premium. Ogni volta che finisco una scansione il pc si blocca e dice che c'è stato un errore di avscan.exe Inoltre ogni tanto capita che quando accedo al mio account la AntiVir Guard sia disattivata. Voi che ne pensate?

[Seba:-)]

Hai la versione 9? Anche io ho avuto dei problemi...

[ste_95]

Ragazzi posso darvi un consiglio anche se ancora non ho provato il software? Segnalate questi problemi alla casa madre, altrimenti non potranno mai essere risolti, non si può sempre sperare che lo faccia qualcun altro...
Basta registrarsi sul forum, o se preferite, passatemi tutti i dettagli dei problemi che ci penso io, essendo già registrato.

[Seba:-)]

Segnalate questi problemi alla casa madre.

Hai ragione, appena ho un attimo apro un topic nel forum.

[riise90]

Ora ho problemi anche con il firewall che ogni tanto si disattiva e il pc si blocca completamente. Posto i log di Combofix e Gmer per vedere se in tutto questo c' entra qualche virus.
Combofix:

ComboFix 09-03-29.04 - Emiliano 2009-03-30 19.38.01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1023.588 [GMT 2:00]
Eseguito da: c:\documents and settings\Emiliano\Desktop\abcd.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Online Armor Firewall *enabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-30 )))))))))))))))))))))))))))))))))))
.

2009-03-20 20:34 . 2009-03-20 20:34 <DIR> d--hs---- c:\documents and settings\Emiliano\IECompatCache
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d--hs---- c:\documents and settings\Marco\IETldCache
2009-03-20 15:55 . 2009-03-20 15:55 <DIR> d--hs---- c:\documents and settings\Emiliano\PrivacIE
2009-03-20 15:53 . 2009-03-20 15:53 <DIR> d--hs---- c:\documents and settings\Emiliano\IETldCache
2009-03-20 15:51 . 2009-03-20 15:51 <DIR> d-------- c:\windows\ie8updates
2009-03-20 15:49 . 2009-03-20 15:51 <DIR> d--h-c--- c:\windows\ie8
2009-03-20 15:47 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-18 11:13 . 2009-03-18 11:13 <DIR> d-------- c:\programmi\MSXML 4.0
2009-03-13 20:47 . 2009-03-13 20:47 <DIR> d-------- c:\programmi\Defraggler
2009-03-12 19:11 . 2009-03-28 16:56 <DIR> d-------- C:\MyAudio
2009-03-12 19:09 . 2009-03-12 19:11 <DIR> d-------- c:\programmi\AoA Audio Extractor
2009-03-12 13:53 . 2009-03-12 13:53 <DIR> d-------- c:\programmi\Paragon Software
2009-03-12 13:53 . 2008-03-28 14:37 4,244,744 --a------ c:\windows\system32\qtp-mt334.dll
2009-03-12 13:53 . 2008-03-28 14:37 247,560 --a------ c:\windows\system32\prgiso.dll
2009-03-12 13:53 . 2008-03-28 14:37 39,472 --a------ c:\windows\system32\drivers\hotcore3.sys
2009-03-12 13:53 . 2008-03-28 14:37 13,576 --a------ c:\windows\system32\wnaspi32.dll
2009-03-08 15:28 . 2009-03-08 15:28 1,294,336 --------- c:\windows\system32\ieframe.dll.mui
2009-03-08 15:28 . 2009-03-08 15:28 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 15:28 . 2009-03-08 15:28 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 15:27 . 2009-03-08 15:27 12,288 --------- c:\windows\system32\advpack.dll.mui
2009-03-08 15:27 . 2009-03-08 15:27 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 15:26 . 2009-03-08 15:26 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 15:09 . 2009-03-08 15:09 638,816 -----c--- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 15:09 . 2009-03-08 15:09 391,536 -----c--- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 05:34 . 2009-03-08 05:34 1,469,440 -----c--- c:\windows\system32\dllcache\inetcpl.cpl
2009-03-08 05:34 . 2009-03-08 05:34 236,544 -----c--- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 05:34 . 2009-03-08 05:34 193,536 -----c--- c:\windows\system32\dllcache\msrating.dll
2009-03-08 05:34 . 2009-03-08 05:34 109,568 -----c--- c:\windows\system32\dllcache\occache.dll
2009-03-08 05:34 . 2009-03-08 05:34 105,984 -----c--- c:\windows\system32\dllcache\url.dll
2009-03-08 05:34 . 2009-03-08 05:34 43,008 -----c--- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 05:33 . 2009-03-08 05:33 759,296 -----c--- c:\windows\system32\dllcache\VGX.dll
2009-03-08 05:33 . 2009-03-08 05:33 229,376 -----c--- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 05:33 . 2009-03-08 05:33 125,952 -----c--- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 05:33 . 2009-03-08 05:33 25,600 -----c--- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 05:33 . 2009-03-08 05:33 18,944 -----c--- c:\windows\system32\dllcache\corpol.dll
2009-03-08 05:32 . 2009-03-08 05:32 611,840 -----c--- c:\windows\system32\dllcache\mstime.dll
2009-03-08 05:32 . 2009-03-08 05:32 173,056 -----c--- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 05:32 . 2009-03-08 05:32 128,512 -----c--- c:\windows\system32\dllcache\advpack.dll
2009-03-08 05:32 . 2009-03-08 05:32 94,720 -----c--- c:\windows\system32\dllcache\inseng.dll
2009-03-08 05:32 . 2009-03-08 05:32 72,704 -----c--- c:\windows\system32\dllcache\admparse.dll
2009-03-08 05:32 . 2009-03-08 05:32 71,680 -----c--- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 05:32 . 2009-03-08 05:32 55,808 -----c--- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 05:31 . 2009-03-08 05:31 1,638,912 -----c--- c:\windows\system32\dllcache\mshtml.tlb
2009-03-08 05:31 . 2009-03-08 05:31 348,160 -----c--- c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 05:31 . 2009-03-08 05:31 216,064 -----c--- c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 05:31 . 2009-03-08 05:31 183,808 -----c--- c:\windows\system32\dllcache\iepeers.dll
2009-03-08 05:31 . 2009-03-08 05:31 66,560 -----c--- c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 05:31 . 2009-03-08 05:31 48,128 -----c--- c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 05:31 . 2009-03-08 05:31 46,592 -----c--- c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 05:31 . 2009-03-08 05:31 45,568 -----c--- c:\windows\system32\dllcache\mshta.exe
2009-03-08 05:31 . 2009-03-08 05:31 34,816 -----c--- c:\windows\system32\dllcache\imgutil.dll
2009-03-08 05:30 . 2009-03-08 05:30 66,560 -----c--- c:\windows\system32\dllcache\tdc.ocx
2009-03-08 05:24 . 2009-03-08 05:24 68,608 -----c--- c:\windows\system32\dllcache\hmmapi.dll
2009-03-06 22:57 . 2009-03-06 22:57 <DIR> d-------- c:\programmi\Rockstar Games
2009-02-22 18:12 . 2009-03-15 19:31 <DIR> d-------- c:\documents and settings\Emiliano\Dati applicazioni\Skype
2009-02-22 18:11 . 2009-02-22 18:11 <DIR> dr------- c:\programmi\Skype
2009-02-22 18:11 . 2009-02-22 18:11 <DIR> d-------- c:\programmi\File comuni\Skype
2009-02-22 15:10 . 2009-02-22 15:10 <DIR> d-------- c:\programmi\JRE
2009-02-12 23:20 . 2009-02-12 23:20 7,232 --------- c:\windows\system32\IE8Eula.rtf
2009-02-11 22:26 . 2009-02-11 22:26 <DIR> d-------- c:\documents and settings\Emiliano\.config
2009-02-09 20:09 . 2009-02-09 20:09 <DIR> d-------- c:\programmi\MSECache
2009-02-09 15:29 . 2009-02-09 15:29 <DIR> d-------- c:\programmi\DiskInternals
2009-02-07 13:58 . 2009-02-11 17:39 <DIR> d-------- c:\programmi\Google
2009-02-07 13:58 . 2009-03-29 12:22 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-02-05 20:08 . 2009-02-05 20:08 <DIR> d-------- c:\programmi\Pivot Stickfigure Animator
2009-02-04 21:49 . 2009-02-04 21:49 <DIR> d-------- c:\programmi\Hamachi
2009-02-04 21:49 . 2009-02-05 19:57 <DIR> d-------- c:\documents and settings\Emiliano\Dati applicazioni\Hamachi
2009-02-04 21:49 . 2009-02-04 21:49 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-02-04 21:46 . 2009-02-04 21:46 <DIR> d-------- C:\tempo
2009-02-01 22:29 . 2009-02-01 22:29 <DIR> d-------- c:\programmi\Recuva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 17:23 --------- d-----w c:\documents and settings\Emiliano\Dati applicazioni\OnlineArmor
2009-03-30 17:20 --------- d-----w c:\documents and settings\Marco\Dati applicazioni\OnlineArmor
2009-03-30 13:15 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-03-22 20:33 --------- d-----w c:\programmi\Steam
2009-03-22 20:32 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-20 14:56 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-19 19:46 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-03-17 17:29 --------- d-----w c:\programmi\Microsoft Games
2009-03-15 17:30 --------- d-----w c:\documents and settings\Emiliano\Dati applicazioni\skypePM
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-26 14:02 --------- d-----w c:\programmi\Windows Live
2009-02-22 16:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-02-22 13:09 --------- d-----w c:\programmi\OpenOffice.org 3
2009-02-18 17:48 --------- d-----w c:\programmi\Opera
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 13:48 --------- d-----w c:\documents and settings\Emiliano\Dati applicazioni\uTorrent
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2008-12-25 18:50 2,506 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-25 10:13 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-24 20:49 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-05 06:55 144,896 ----a-w c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"@OnlineArmor GUI"="c:\programmi\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6216192]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" [2008-01-08 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Marco\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-10-07 886984]

[HKLM\~\startupfolder\C:^Documents and Settings^Emiliano^Menu Avvio^Programmi^Esecuzione automatica^hamachi.lnk]
path=c:\documents and settings\Emiliano\Menu Avvio\Programmi\Esecuzione automatica\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Emiliano^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Emiliano\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 18:10 35696 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 11:02 216520 c:\programmi\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-06-13 19:27 2752512 c:\programmi\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-16 20:09 133104 c:\documents and settings\Emiliano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-01-29 15:01 23975720 c:\programmi\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-25 12:13 136600 c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
--a------ 2008-01-29 12:20 2157064 c:\programmi\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-09-22 17:42 90112 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"gupdate1c9891b8ed8db8e"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-03-12 39472]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-12-14 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-12-14 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-12-14 28872]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-12-14 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-12-14 258305]
R2 AVEService;Servizio assistenza di Avira AntiVir Premium MailGuard;c:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-12-14 41217]
R2 OAcat;Online Armor Helper Service;c:\programmi\Tall Emu\Online Armor\oacat.exe [2008-12-14 1402568]
R2 SvcOnlineArmor;Online Armor;c:\programmi\Tall Emu\Online Armor\oasrv.exe [2008-12-14 3314688]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-29 10664]
S4 gupdate1c9891b8ed8db8e;Google Update Service (gupdate1c9891b8ed8db8e);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-30 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:55]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-07 13:59]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-651377827-725345543-1005.job
- c:\documents and settings\Emiliano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-12-16 20:09]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Steam - c:\programmi\Steam\Steam.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Emiliano\Dati applicazioni\Mozilla\Firefox\Profiles\7hwe6pri.default\
FF - prefs.js: browser.startup.homepage - http://www.goog1e.it
FF - plugin: c:\documents and settings\Emiliano\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 19:46:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(2200)
c:\programmi\Tall Emu\Online Armor\oawatch.dll
c:\windows\system32\ieframe.dll
.
Ora fine scansione: 2009-03-30 19.50.21
ComboFix-quarantined-files.txt 2009-03-30 17:50:15

Pre-Run: 98.510.270.464 byte disponibili
Post-Run: 98,572,316,672 byte disponibili

231 --- E O F --- 2009-03-18 09:13:20

Gmer:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-30 21:48:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAllocateVirtualMemory [0xF3DC30F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwAssignProcessToJobObject [0xF3DC36E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwConnectPort [0xF3DC2370]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateFile [0xF3DCFE80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateKey [0xF3DCE1B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreatePort [0xF3DC21D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateProcess [0xF3DBFA10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateProcessEx [0xF3DBFDE0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwCreateSection [0xF3DBF520]
SSDT F7C882CC ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDebugActiveProcess [0xF3DC17B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteFile [0xF3DD09C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteKey [0xF3DCE760]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwDeleteValueKey [0xF3DCF0B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateKey [0xF3DCFE20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwEnumerateValueKey [0xF3DCFE50]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwLoadDriver [0xF3DC2BC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenFile [0xF3DD05D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenKey [0xF3DCE9A0]
SSDT F7C882B8 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwOpenSection [0xF3DBF7A0]
SSDT F7C882BD ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwProtectVirtualMemory [0xF3DC3390]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryKey [0xF3DCFDC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwQueryValueKey [0xF3DCFDF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwReplaceKey [0xF3DCF8A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRequestWaitReplyPort [0xF3DC2750]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwRestoreKey [0xF3DCFB00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwResumeThread [0xF3DC1E80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSaveKey [0xF3DCFDA0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetContextThread [0xF3DC15D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetSystemInformation [0xF3DC1930]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSetValueKey [0xF3DCE9C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwShutdownSystem [0xF3DC2AC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSuspendProcess [0xF3DC2030]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSuspendThread [0xF3DC1CB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwSystemDebugControl [0xF3DC1B10]
SSDT F7C882C7 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwTerminateThread [0xF3DC1400]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu Pty Ltd) ZwUnloadDriver [0xF3DC2DE0]
SSDT F7C882C2 ZwWriteVirtualMemory

INT 0x62 ? 867DABF8
INT 0x63 ? 867DABF8
INT 0x63 ? 867DABF8
INT 0x63 ? 867DABF8
INT 0x82 ? 867DABF8
INT 0x83 ? 86435F00
INT 0x84 ? 86435F00
INT 0x94 ? 86435F00
INT 0xA4 ? 86435F00

Code \??\C:\DOCUME~1\Emiliano\IMPOST~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [D0, 21, DC, F3, 10, FA, DB, ...] {SHL BYTE [ECX], 0x1; FDIVR ST(3), ST; ADC DL, BH; FCOMI ST, ST(3); LOOPNZ 0x7; FCOMI ST, ST(3)}
.text ntkrnlpa.exe!ZwCallbackReturn + 2540 80501D78 4 Bytes JMP 59731159
.text ntkrnlpa.exe!ZwCallbackReturn + 2740 80501F78 4 Bytes JMP 94D71359
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [30, 20, DC, F3, B0, 1C, DC, ...] {XOR [EAX], AH; FDIVR ST(3), ST; MOV AL, 0x1c; FDIVR ST(3), ST; ADC [EBX], BL; FDIVR ST(3), ST}
? spkv.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload F66BA8AC 5 Bytes JMP 864354E0
.text ajssphvu.SYS F664D386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ajssphvu.SYS F664D3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ajssphvu.SYS F664D3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ajssphvu.SYS F664D3C9 1 Byte [2E]
.text ajssphvu.SYS F664D3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\Emiliano\IMPOST~1\Temp\catchme.sys Impossibile trovare il file specificato. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Impossibile trovare il file specificato. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avguard.exe[180] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe[304] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wdfmgr.exe[504] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\csrss.exe[512] KERNEL32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\winlogon.exe[536] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text ...
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\Programmi\Mozilla Firefox\firefox.exe[636] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[744] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\Programmi\Java\jre6\bin\jqs.exe[816] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\CDBurnerXP\NMSAccessU.exe[1004] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\nvsvc32.exe[1100] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text ...
.text C:\Programmi\Tall Emu\Online Armor\oacat.exe[1280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00780001
.text C:\Programmi\Tall Emu\Online Armor\oacat.exe[1280] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Tall Emu\Online Armor\oacat.exe[1280] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text C:\Programmi\Tall Emu\Online Armor\oacat.exe[1280] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe[1304] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1316] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\Programmi\Tall Emu\Online Armor\oasrv.exe[1496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\Programmi\Tall Emu\Online Armor\oasrv.exe[1496] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text C:\Programmi\Tall Emu\Online Armor\oasrv.exe[1496] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe[1504] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE[1728] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\spoolsv.exe[1824] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1832] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Emiliano\Desktop\930yxccq.exe[1860] user32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\Programmi\Google\Update\GoogleUpdate.exe[1868] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 716F003D
.text C:\Programmi\Avira\AntiVir PersonalEdition Premium\sched.exe[1912] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\explorer.exe[2200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001
.text C:\WINDOWS\explorer.exe[2200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\explorer.exe[2200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\explorer.exe[2200] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\explorer.exe[2200] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\explorer.exe[2200] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[2200] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[2536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\WINDOWS\system32\ctfmon.exe[2536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[2536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2536] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[2536] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2536] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2536] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\Programmi\Trend Micro\HijackThis\HijackThis.exe[3204] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AE0001
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3468] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F130F5A
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F11001E
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0E001E
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text C:\Programmi\Tall Emu\Online Armor\oahlp.exe[3552] user32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F14001E
.text C:\Programmi\Tall Emu\Online Armor\oaui.exe[3940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
.text C:\Programmi\Tall Emu\Online Armor\oaui.exe[3940] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Programmi\Tall Emu\Online Armor\oaui.exe[3940] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text C:\Programmi\Tall Emu\Online Armor\oaui.exe[3940] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text C:\WINDOWS\System32\alg.exe[3972] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DC040] spkv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DC13C] spkv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DC0BE] spkv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DC7FC] spkv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DC6D2] spkv.sys
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ajssphvu.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73EC048] spkv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F769E3B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F769E410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F769E6C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F769E700] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F769E6C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F769E410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F769E3B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F769E3B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F769E410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F769E700] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F769E6C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F769E6C0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F769E700] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F769E3B0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F769E410] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867D91F8
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\usbohci \Device\USBPDO-0 86434500
Device \Driver\PCI_PNP0202 \Device\00000044 spkv.sys
Device \Driver\PCI_PNP0202 \Device\00000044 spkv.sys
Device \Driver\usbohci \Device\USBPDO-1 86434500
Device \Driver\NetBT \Device\NetBT_Tcpip_{16E52BDD-70B7-4EDC-AFA4-457EDD9642A9} 8657A1F8
Device \Driver\usbohci \Device\USBPDO-2 86434500
Device \Driver\usbehci \Device\USBPDO-3 8640B1F8
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\NetBT \Device\NetBT_Tcpip_{FD691ED0-1EEB-45F8-BA73-7495A21952DA} 8657A1F8
Device \Driver\sptd \Device\2168940202 spkv.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8676F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8676F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 865441F8
Device \Driver\usbstor \Device\00000065 865F4500
Device \Driver\Cdrom \Device\CdRom1 865441F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8676F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Ftdisk \Device\HarddiskVolume4 8676F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\usbstor \Device\00000068 865F4500
Device \Driver\usbstor \Device\00000069 865F4500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8657A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8657A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{117A47B0-3B87-4523-98D2-B0C78980ECFA} 8657A1F8
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\usbstor \Device\0000006a 865F4500
Device \Driver\usbstor \Device\0000006b 865F4500
Device \Driver\usbohci \Device\USBFDO-0 86434500
Device \Driver\usbohci \Device\USBFDO-1 86434500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 865911F8
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu Pty Ltd)
Device \Driver\usbohci \Device\USBFDO-2 86434500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 865911F8
Device \Driver\usbehci \Device\USBFDO-3 8640B1F8
Device \Driver\Ftdisk \Device\FtControl 8676F1F8
Device \Driver\ajssphvu \Device\Scsi\ajssphvu1Port4Path0Target0Lun0 863FF1F8
Device \Driver\ajssphvu \Device\Scsi\ajssphvu1 863FF1F8
Device \FileSystem\Cdfs \Cdfs 865BA1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x98 0x65 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0xBD 0xC4 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDF 0x41 0x62 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programmi\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x98 0x65 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0xBD 0xC4 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDF 0x41 0x62 0x45 ...

---- EOF - GMER 1.0.15 ----

[ste_95]

I log sono puliti.

[riise90]

Ho aggiornato Antivir alla versione 9 ed ho reinstallato Online Armor. Vediamo ora come va.......

[riise90]

Va molto male .... Ora con l' antivirus non ho problemi ma il firewall si blocca appena tento di accederci, anche se il modulo HIPS funziona perfettamente. Secondo voi mi conviene provare con un altro firewall?

[ba_61]

Secondo voi mi conviene provare con un altro firewall

Prova, anche se personalmente non ne ho mai usato uno (solo quelli di default di XP, Vista & C.).

Non è una risposta, ma solo per chiedermi come mai Avira dovrebbe presentare tutti questi problemi: non può essere un caso che personalmente non me ne crea, sia Standard o Premium (solo un leggero rallentamento con il WebGuard attivato che è normale).

Ergo: che la fonte dei problemi non risieda altrove.

[Fred]

Tanto per dire: provato a far girare pulitori di registro et similia?

[riise90]

Tanto per dire: provato a far girare pulitori di registro et similia?

Già fatto ma non è cambiato nulla.

Prova, anche se personalmente non ne ho mai usato uno (solo quelli di default di XP, Vista & C.).

Ora ci provo anche io a nagivare senza firewall.