Ho fatto le scansioni, vi mostro i risutati.
Dico subito che nella cartella "c:\Documents and Settings\(mio nome utente)\Impostazioni locali\temp" erano presenti una 30a di file con estensioni .exe e strani nomi.
Inoltre sul task manager era presente questa applicazione: "76exmodul32.b.exe"
Scansione Con GMER:
Rootkit:
MER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2006-11-30 13:32:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]
Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF2E 5 Bytes JMP EE0316C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF718 5 Bytes JMP EE031B50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 100 80544C20 7 Bytes JMP EE033E10 \??\C:\WINDOWS\system32\drivers\klif.sys
.text USBPORT.SYS!DllUnload F635262C 5 Bytes JMP 862F8860
---- User code sections - GMER 1.0.12 ----
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 27001B60 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!FindResourceExW 7C80AB10 7 Bytes JMP 27001AD0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 27001A50 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 27001C00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LockResource 7C80C6CF 2 Bytes JMP 27001CA0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!LockResource + 3 7C80C6D2 2 Bytes [ 7F, AA ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 27001840 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003750 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003260 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004A90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B30 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!send 71A3428A 5 Bytes JMP 27009640 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27009430 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!recv 71A3615A 5 Bytes JMP 270092A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 270097C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 270099D0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 27002B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ole32.dll!CoInitializeEx 774CEF6B 5 Bytes JMP 27001D00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] ole32.dll!CoRegisterClassObject 774E8720 5 Bytes JMP 27001E00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!HttpOpenRequestA 771936AD 5 Bytes JMP 270081B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!InternetCloseHandle 77194D6C 5 Bytes JMP 27008490 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!HttpSendRequestA 77196249 5 Bytes JMP 270083E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[2112] WININET.dll!InternetReadFile 771980F4 5 Bytes JMP 27008310 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 865621D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 865621D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 85ED73B8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 85ED73B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 862F7940
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 862F7940
Device \Driver\00000050 \Device\00000051 IRP_MJ_POWER [F72BEC7E] sptd.sys
Device \Driver\00000050 \Device\00000051 IRP_MJ_SYSTEM_CONTROL [F72D82A2] sptd.sys
Device \Driver\00000050 \Device\00000051 IRP_MJ_PNP [F72D9228] sptd.sys
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 863B71D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 865D51D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 865D51D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 865651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 865651D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 862A0748
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 865641D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 865641D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 862A0748
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 862A0748
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8601A980
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\00000078 IRP_MJ_PNP 865D41D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{EC1FD66A-2635-4017-80EC-B7810CCB9F74} IRP_MJ_PNP 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CREATE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CLOSE 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_INTERNAL_DEVICE_CONTROL 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_CLEANUP 8601A980
Device \Driver\NetBT \Device\NetBT_Tcpip_{1ED49DE5-B5B5-4694-B1A6-FC787E5E0BE3} IRP_MJ_PNP 8601A980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 862F7940
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 862F7940
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 863B71D8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 863B71D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 865D41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86102980
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 865D41D8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 865D41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86102980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86102980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 865651D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 865651D8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_CREATE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_CLOSE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_POWER 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_SYSTEM_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1 IRP_MJ_PNP 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_CREATE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_CLOSE 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_POWER 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 862554A8
Device \Driver\atmotwon \Device\Scsi\atmotwon1Port4Path0Target0Lun0 IRP_MJ_PNP 862554A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85ED73B8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85ED73B8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8612C698
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8612C698
---- Threads - GMER 1.0.12 ----
Thread 4:172 8643B950
Thread 4:176 8641BC60
Thread 4:180 8641BC60
Thread 4:1924 84B33560
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.12 ----
ADS C:\+Discografia+\Gigi D'Agostino\(2006) Some Experiments\Cd 1\01. Dottor Dag - Lo Sbaglio (Quaglio Mix).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\(Cambia La Tua Vita).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\(Cammino).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Gigi D'Agostino - Please Don't Cry.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Gigi D'Agostino Feat. Diana - Vorrei Fare Una Canzone.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Gigi D'Agostino\=Varie=\2006 (Il Cammino di Gigi D'Agostino)\Onironauti - Eden (Vocal Remix).mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\01. Linda Pearl - Into.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\02. Linda Pearl - Muetzi.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\03. Killswitch & Reset - Freddys Revenge.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\04. Viper XXL - Punisher.mp3:Roxio EMC Stream
ADS C:\+Discografia+\Schranz Total\Schranz Total 14.0\Cd 1 (Mixed By Linda Pearl)\05. Felix Kröcher - A Marked Preference For Hardtechno.mp3:Roxio EMC Stream
ADS ...
---- EOF - GMER 1.0.12 ----
Autorun:
GMER 1.0.12.12011 -
http://www.gmer.net
Autostart scan 2006-11-30 13:33:14
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostvistaui.exe = vistaui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon@DLLName = C:\WINDOWS\system32\klogon.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Internet Security 6.0*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r
nTuneService /*nTune Service*/@ = C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe /StartService /*file not found*/
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
SimpTcp /*Servizi semplici TCP/IP*/@ = %SystemRoot%\system32\tcpsvcs.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@CTSysVolC:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r /*file not found*/
@P17HelperRundll32 P17.dll,P17Helper = Rundll32 P17.dll,P17Helper
@EPSON Stylus C64 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
@PD0630 STISvcRunDLL32.exe P0630Pin.dll,RunDLL32EP 513 = RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
@NVIDIA nTune"C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear = "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
@amd_dc_opt"C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe" = "C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@LClockC:\Programmi\LClock\LClock.exe = C:\Programmi\LClock\LClock.exe
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@kis"C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" = "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
@NeroFilterCheckC:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@msnmsgr"C:\Programmi\MSN Messenger\msnmsgr.exe" /background = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
@updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1 = "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@UPnPMonitor = C:\WINDOWS\system32\upnpui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Periferiche Plug and Play universali*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\kbcplext.dll = C:\Programmi\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Programmi\Logitech\SetPoint\mcplext.dll = C:\Programmi\Logitech\SetPoint\mcplext.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/(null) =
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Programmi\Pinnacle\Studio 10\programs\BlueShellExt.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}C:\PROGRA~1\FlashGet\jccatch.dll = C:\PROGRA~1\FlashGet\jccatch.dll
@{598F4775-6FB6-477B-9842-E0426824E077}C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll = C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.leeman-automatisering.nl/startpagina =
http://www.leeman-automatisering.nl/startpagina
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout
:blank = about
:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Logitech SetPoint.lnk = Logitech SetPoint.lnk
QuickTV6.lnk = QuickTV6.lnk
---- EOF - GMER 1.0.12 ----
Scansione con hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13.34.43, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\AVerTV 6.0\AVerQT.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\DOCUME~1\B3T@\IMPOST~1\Temp\76exmodul32f.b.exe
C:\Documents and Settings\B3T@\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.leeman-automatisering.nl/startpagina
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\B3T@\IMPOST~1\Temp\~DP91.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kis] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickTV6.lnk = C:\Programmi\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: Aggiungi a Kaspersky Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1148463263281
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1FD66A-2635-4017-80EC-B7810CCB9F74}: NameServer = 85.37.17.14 85.38.28.78
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmi\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe (file missing)