|
|||||||
|
|
|
 |
|
|
Strumenti |
10-10-2007, 14:14
|
#1 |
|
Member
Iscritto dal: Jan 2007
Città: Manfredonia
Messaggi: 64
|
Kerio mi segnala numerosissime eventi in entrata
Ciao a tutti!
è da 5 giorni che kerio personal firewall mi segnala una situazione mai registrata prima, richieste di connessioni agni 4,5 anke 2 minuti,che kerio blocca. gli indirizzi remoti sono parecchi,non solo 1 o 2.  Ho fatto scansioni con NOD 32(mi ha rilevato 3 propably variant of win 32 agent troyan che ho rimosso) ,AVG anti-spyware(solo pochi tracking coockie che ho rimosso) e panda antiroot-kit(sia standard che in depth ma entrambe non hanno rilevato nulla),ho fatto pulizia con ccleaner,ho postato il log di hijackthis sul suo sito(nulla di anomalo). Sapete darmi una mano? Ultima modifica di freskekko : 10-10-2007 alle 14:17. |
|
|
|
10-10-2007, 20:16
|
#2 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
win agent trojan è troppo generico,ne esistono migliaia di varianti
 posta log di hijackthis e gmer 
|
|
|
|
|
11-10-2007, 08:46
|
#3 |
|
Member
Iscritto dal: Jan 2007
Città: Manfredonia
Messaggi: 64
|
Codice:
Logfile of HijackThis v1.99.1
Scan saved at 8.57.18, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Eset\nod32kui.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Opera\Opera.exe
D:\Documenti\File d' istallazione\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\programmi\asus\pc probe\AsusProb.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: kpf4ss.exe.lnk = C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
allego anche alcuni risultati della scansione di nod C:\System Volume Information\_restore{1C3831C9-EE89-4696-953B-02E48E0513DE}\RP207\A0027341.exe - a variant of Win32/Tool.TPE.A application C:\System Volume Information\_restore{1C3831C9-EE89-4696-953B-02E48E0513DE}\RP207\A0027342.exe - probably a variant of Win32/Agent trojan D:\System Volume Information\_restore{764E4F12-102B-4DA4-BF30-71FBCA2914D9}\RP64\A0026984.exe - probably a variant of Win32/Agent trojan e in più c'era qualche patch e cra*k della cui bontà però sono quasi certo poichè segnalati in un forum di tutto rispetto... ecco i log di gmer: Codice:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-11 09:41:50
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \??\C:\Programmi\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \??\C:\Programmi\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.13 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F7318A5F 6 Bytes JMP EE393ED0 \SystemRoot\system32\drivers\fwdrv.sys
---- User code sections - GMER 1.0.13 ----
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[144] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Eset\nod32kui.exe[172] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Eset\nod32kui.exe[172] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Eset\nod32kui.exe[172] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\PROGRA~1\Keyboard\Ikeymain.exe[200] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00130DB0
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00130F54
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00130D24
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00130E3C
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00130FE0
.text C:\Programmi\AVG Anti-Spyware 7.5\avgas.exe[212] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00130EC8
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\ATKKBService.exe[444] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\ATKKBService.exe[444] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\ATKKBService.exe[444] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\AVG Anti-Spyware 7.5\guard.exe[464] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[492] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\CTsvcCDA.EXE[516] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000308C4
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00030838
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00030950
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00030DB0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00030F54
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00030D24
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00030E3C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00030FE0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[568] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00030EC8
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Eset\nod32krn.exe[600] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Eset\nod32krn.exe[600] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Eset\nod32krn.exe[600] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Eset\nod32krn.exe[600] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Eset\nod32krn.exe[600] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Eset\nod32krn.exe[600] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[696] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[696] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[696] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[744] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[744] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[768] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[768] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[768] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[812] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[812] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[812] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[980] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[980] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\MsPMSPSv.exe[1232] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Canon\CAL\CALMAIN.exe[1560] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1904] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1904] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1904] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1904] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1904] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\SOUNDMAN.EXE[2040] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\SOUNDMAN.EXE[2040] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\SOUNDMAN.EXE[2040] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2112] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2112] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2112] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2112] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2112] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2192] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[2208] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Opera\Opera.exe[3532] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Programmi\Opera\Opera.exe[3532] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Programmi\Opera\Opera.exe[3532] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Programmi\Opera\Opera.exe[3532] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Opera\Opera.exe[3532] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Opera\Opera.exe[3532] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00130DB0
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00130F54
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00130D24
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00130E3C
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00130FE0
.text C:\Programmi\Opera\Opera.exe[3532] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00130EC8
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Francesco\Desktop\gmer\gmer.exe[3696] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EE393CE0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE393D00] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EE393D90] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EE393DC0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE393D90] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EE393D00] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EE393CE0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [EE393D00] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [EE393D90] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [EE393CE0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [EE393DC0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EE393D90] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EE393DC0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EE393CE0] \SystemRoot\system32\drivers\fwdrv.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EE393D00] \SystemRoot\system32\drivers\fwdrv.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 864D72E8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B8800FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B8800BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B88013D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B880167A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B880167A] amon.sys
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86307F10
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ 863E1EB8
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [EE37B5B0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ 863E1EB8
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [EE37B5B0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [804F33F8] ntkrnlpa.exe
Device \Driver\fwdrv \Device\FWDRV IRP_MJ_READ 863E1EB8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8630CCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8630CCF0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86365868
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8630CCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8630CCF0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-28 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort4 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdePort5 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-20 IRP_MJ_PNP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_NAMED_PIPE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLOSE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_READ 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_WRITE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_EA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FLUSH_BUFFERS 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DIRECTORY_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SHUTDOWN 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_LOCK_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CLEANUP 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_CREATE_MAILSLOT 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_SECURITY 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_POWER 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SYSTEM_CONTROL 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_DEVICE_CHANGE 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_QUERY_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_SET_QUOTA 863022C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e IRP_MJ_PNP 863022C0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 861B23C8
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ 863E1EB8
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [EE37B5B0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ 863E1EB8
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [EE37B5B0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [EE37B4A0] fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [804F33F8] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [804F33F8] ntkrnlpa.exe
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8636B498
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8636B498
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 863A5E20
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 863AFCB0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86307F10
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B8800FE2] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B8800BEC] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B88013D4] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B880167A] amon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B880167A] amon.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 862D4160
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 862D4160
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 862D4160
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 862D4160
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 862D4160
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86380D40
---- Modules - GMER 1.0.13 ----
Module _________ F7419000-F7431000 (98304 bytes)
---- Processes - GMER 1.0.13 ----
Process C:\WINDOWS\system32\notepad.exe (*** hidden *** ) 3992
---- Files - GMER 1.0.13 ----
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\00\100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\00\100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\00\100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\01\101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\01\101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\01\101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v101-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\01\92-{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}-v1-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v92-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\02\102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\02\102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\02\102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v102-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\03\103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\03\103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\03\103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v103-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\04\104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\04\104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\04\104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\05\432-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v105-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v432-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\05\432-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v105-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v432-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\06\106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\06\106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\06\106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v106-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\07\107-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v107-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\07\107-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v107-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\08\436-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v108-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v436-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\08\436-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v108-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v436-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\09\109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\09\109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\09\109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v109-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\10\110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\10\110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\10\110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v110-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\11\111-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v111-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v111-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\11\111-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v111-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v111-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\12\112-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v112-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v112-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\12\112-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v112-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v112-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\13\113-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v113-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v113-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\13\113-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v113-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v113-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\93\93-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v93-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v93-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\94\94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\94\94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\94\94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\95\95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\95\95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\95\95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\96\419-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v96-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v419-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\96\419-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v96-{C0D2066F-DA30-4205-8A56-79EC94B9D18C}-v419-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\97\97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\97\97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\97\97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\98\98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\98\98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\98\98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\99\99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\99\99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\sxxxx@hotmail.it\DFSR\Staging\CS{2D92FA5E-8C87-9B68-3736-48CA2CF0182E}\99\99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v99-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\01\142-{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}-v1-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v142-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\18\18-{93299F01-FD54-484E-B417-645F53CD48FB}-v18-{93299F01-FD54-484E-B417-645F53CD48FB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\19\119-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v119-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\20\120-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v120-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\20\120-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v120-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v120-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\21\121-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v121-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v121-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\21\121-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v121-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v121-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\22\122-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v122-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v122-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\22\122-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v122-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v122-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\23\123-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v123-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v123-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\23\123-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v123-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v123-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\24\124-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v124-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v124-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\24\124-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v124-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v124-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\25\125-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v125-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\25\125-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v125-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\26\126-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v126-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v126-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\26\126-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v126-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v126-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\27\127-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v127-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\27\127-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v127-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v127-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\28\128-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v128-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v128-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\28\128-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v128-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v128-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\30\130-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v130-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v130-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\30\130-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v130-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v130-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\31\131-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v131-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\31\131-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v131-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\32\138-{93299F01-FD54-484E-B417-645F53CD48FB}-v32-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\32\138-{93299F01-FD54-484E-B417-645F53CD48FB}-v32-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\33\136-{93299F01-FD54-484E-B417-645F53CD48FB}-v33-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\33\136-{93299F01-FD54-484E-B417-645F53CD48FB}-v33-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\34\139-{93299F01-FD54-484E-B417-645F53CD48FB}-v34-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\34\139-{93299F01-FD54-484E-B417-645F53CD48FB}-v34-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\35\137-{93299F01-FD54-484E-B417-645F53CD48FB}-v35-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\35\137-{93299F01-FD54-484E-B417-645F53CD48FB}-v35-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\36\140-{93299F01-FD54-484E-B417-645F53CD48FB}-v36-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\36\140-{93299F01-FD54-484E-B417-645F53CD48FB}-v36-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\39\141-{93299F01-FD54-484E-B417-645F53CD48FB}-v39-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xhxxx@hotmail.it\DFSR\Staging\CS{DDABEDB1-AAEC-3575-9723-8B09FA89F57F}\39\141-{93299F01-FD54-484E-B417-645F53CD48FB}-v39-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\01\11-{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}-v1-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\49\52-{07A66020-4200-48E8-8267-15BECB8633F4}-v49-{07A66020-4200-48E8-8267-15BECB8633F4}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\50\53-{07A66020-4200-48E8-8267-15BECB8633F4}-v50-{07A66020-4200-48E8-8267-15BECB8633F4}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\51\54-{07A66020-4200-48E8-8267-15BECB8633F4}-v51-{07A66020-4200-48E8-8267-15BECB8633F4}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\58\75-{07A66020-4200-48E8-8267-15BECB8633F4}-v58-{07A66020-4200-48E8-8267-15BECB8633F4}-v75-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\59\76-{07A66020-4200-48E8-8267-15BECB8633F4}-v59-{07A66020-4200-48E8-8267-15BECB8633F4}-v76-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xuxgxo@hotmail.it\DFSR\Staging\CS{CDB5A7BD-716D-0B99-DA6C-EACB289B9924}\60\77-{07A66020-4200-48E8-8267-15BECB8633F4}-v60-{07A66020-4200-48E8-8267-15BECB8633F4}-v77-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Francesco\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxx@hotmail.it\SharingMetadata\xxxzia.xx@hotmail.it\DFSR\Staging\CS{C1FF73AD-5CA4-1C1E-3020-2B593500C428}\01\133-{C1FF73AD-5CA4-1C1E-3020-2B593500C428}-v1-{748EB21E-6957-4ECD-A6F2-3E614D2DE58E}-v133-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
---- EOF - GMER 1.0.13 ----
Anche in process è segnalato in rosso e hidden,mentre nel task manager non c'è proprio. |
|
|
|
|
11-10-2007, 09:00
|
#4 |
|
Member
Iscritto dal: Jan 2007
Città: Manfredonia
Messaggi: 64
|
chiedo scusa,non è stata colpa mia,il browser mi si è imballato e ho fatto il casino.
chiedo umilmente e gentilmente al primo mod che passa di lasciare solo la prima delle mie risposte |
|
|
|
|
11-10-2007, 11:12
|
#5 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
ti ho cancellato i 4 mes
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
11-10-2007, 12:09
|
#6 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
disabilita il ripristino di sistema e rifai le scansioni
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
11-10-2007, 13:31
|
#7 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
cancella gli ADS per il resto non vedo nulla di anomalo.
il problema di notepad probabilmente è dovuto al falso positivo con nod32 di qualche mese fa |
|
|
|
|
11-10-2007, 17:31
|
#8 |
|
Member
Iscritto dal: Jan 2007
Città: Manfredonia
Messaggi: 64
|
ho disattivato il ripristino,rifatto le scansioni(nod,avg,panda antirootkit,gmer e ASDR toll di nod) eliminato gli ads ma le connessioni in ingresso continuano a fioccare.
Ma essendo connessioni in ingresso questo cosa vuol dire?chi è che cerca di entrare?oltre al firewall non posso fare nient'altro?se formatto risolvo? Ultima modifica di freskekko : 11-10-2007 alle 17:34. |
|
|
|
|
12-10-2007, 14:43
|
#9 |
|
Member
Iscritto dal: Jan 2007
Città: Manfredonia
Messaggi: 64
|
sto segundo anche la discussione aperta dal morris.xxx e noto analogie col mio problema.
come avete consigliato a lui,per cambiare ip ho staccato e riattaccato il modem,beh,nn appena si è riconnesso ho ricevuto immadiatamente tentativi di intrusione!A fatto prima lui(l'intruso) ad accorgersene che io che ho cambiato ip!!! |
|
|
|
|
12-10-2007, 14:52
|
#10 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
è evidente che c'è qualcosa dall'interno che fa "da richiamo"
prova a monitorare la situazione con tcpview in modo da vedere quale programmi ti apre la porta e cerca di uscire |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 03:47.
