Punto informatico Network

Problem with Windows Media Player and others [SOLVED]


Post by CarDependant » Fri Feb 09, 2007 11:24 pm

As described in the subject, they freeze when I start them and I am forced to force-close them...

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22.21.32, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\AppPatch\explorer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carmelo\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.1 winmx.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B9B06A6-E049-44D4-B890-E02CD494E7FF}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B9B06A6-E049-44D4-B890-E02CD494E7FF}: NameServer = 213.205.36.70 213.205.32.70
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O23 - Service: DirectX Service (DirectPakg) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Programmi\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Programmi\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Programmi\File comuni\PFShared\UmxPol.exe
Last edited by CarDependant on Sat Feb 10, 2007 11:12 pm, edited 1 time in total.
CarDependant
Senior Member
Posts: 241
Joined: Mon Nov 20, 2006 2:35 am
Location: Sicilia, CT

Post by crazy.cat » Sat Feb 10, 2007 9:23 am

Was the log taken in safe mode, or do you not use an antivirus?

There is nothing in the log.

How do they freeze?
What errors?
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by Amantide » Sat Feb 10, 2007 3:29 pm

Actually there is a virus, and it seems to be one of those that disable antivirus software:

O23 - Service: DirectX Service (DirectPakg) - Unknown owner - C:\WINDOWS\system32\directx.exe

Enable the display of hidden files (open any folder, go to Tools --> Folder Options --> View and check Show hidden files and folders), end the directx.exe process from Task Manager, download Unlocker and delete this file
C:\WINDOWS\system32\directx.exe
You can also delete it from safe mode.
Then go to Start --> Run, type CMD and press OK.
At the command prompt, type this command and press Enter:
sc stop DirectPakg
Then enter this command and press Enter again:
sc delete DirectPakg

Finally, reinstall the antivirus and run the scan from safe mode.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
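The check applied by eye in the reply above (an O23 service entry with "Unknown owner" whose binary sits in a Windows system directory), written out as an added example that is not part of the original thread. The function and class names are hypothetical; the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: O20/O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O23 - Service: DirectX Service (DirectPakg) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Programmi\Tiny Firewall Pro\UmxAgent.exe
"""

# Layout of an O23 line: display name, (service name), owner, binary path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>\"?(?:[A-Za-z]:\\|%).*)$"
)
MISSING = " (file missing)"
# Directories where a vendor-less service binary deserves a closer look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Service:
    display: str
    name: str          # short name, the one passed to `sc stop` / `sc delete`
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one HijackThis O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    if path.startswith('"'):
        # Quoted image path, possibly followed by arguments.
        path = path[1:].split('"', 1)[0]
    return Service(m.group("display"), m.group("name"),
                   m.group("owner"), path, missing)


def triage(log_text: str) -> List[Tuple[Service, List[str]]]:
    """Return the O23 services worth a manual look, with the reasons.

    "Unknown owner" alone proves nothing (legitimate services show it
    too), so each finding carries its reasons for the analyst to weigh.
    """
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc.owner.lower() == "unknown owner":
            reasons.append("no vendor name reported for the binary")
            folder = ntpath.normcase(ntpath.dirname(svc.path))
            if folder in SYSTEM_DIRS:
                reasons.append("vendor-less binary in a Windows system directory")
        if svc.file_missing:
            reasons.append("service entry points at a missing file")
        if reasons:
            findings.append((svc, reasons))
    return findings


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG):
        print(f"{svc.name}: {svc.path}")
        for reason in reasons:
            print(f"  - {reason}")
```
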


Post by CarDependant » Sat Feb 10, 2007 8:38 pm

The problem continues even though I deleted that file, directx.exe, and I forgot to mention that I also had the problem that Internet Explorer and Live Messenger would not connect, and I still have it. [V]

Post by Amantide » Sat Feb 10, 2007 8:44 pm

Have you reinstalled the antivirus and run the scan from safe mode?

Post by CarDependant » Sat Feb 10, 2007 8:54 pm

I am using TrendMicro's online scan...

Damn, as soon as it started Firefox suddenly closed, I'll try AVS...

the installation freezes at the point of choosing the path to install it to HELP!!! [V]

Post by Amantide » Sat Feb 10, 2007 9:52 pm

In what sense do IE and MSN not connect? Can't you get onto the internet?

In the meantime download Gmer, go to the Rootkit tab, check the Show all option and click Scan. When the scan has finished, click Copy and paste the result into Notepad or directly here. Repeat the operation for Autostart as well.

Post by CarDependant » Sat Feb 10, 2007 10:38 pm

Here is the GMER log for the Rootkit section:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-10 21:34:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwCreateSection
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwSetInformationProcess
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

PAGENPNP NDIS.sys!NdisRegisterProtocol F725517D 5 Bytes JMP F721CF40 kmxndis.sys
PAGENPNP NDIS.sys!NdisOpenAdapter F7255397 5 Bytes JMP F721C6E0 kmxndis.sys
PAGENPNP NDIS.sys!NdisClOpenAddressFamily F7256127 5 Bytes JMP F721AFD0 kmxndis.sys
PAGENPNP NDIS.sys!NdisCmRegisterAddressFamily F7256672 5 Bytes JMP F721B080 kmxndis.sys
PAGENPNP NDIS.sys!NdisMSetAttributesEx F7258A6F 5 Bytes JMP F721D280 kmxndis.sys
PAGENPNP NDIS.sys!NdisMCmRegisterAddressFamily F7259220 5 Bytes JMP F721B130 kmxndis.sys
PAGENPNP NDIS.sys!NdisInitializeWrapper F725A2BF 5 Bytes JMP F721CE80 kmxndis.sys
PAGENPNP NDIS.sys!NdisMRegisterMiniport F725A3D5 5 Bytes JMP F721DBA0 kmxndis.sys
PAGENPNP NDIS.sys!NdisIMRegisterLayeredMiniport F725AA8D 5 Bytes JMP F721DC70 kmxndis.sys
PAGENPNP NDIS.sys!NdisIMAssociateMiniport F725AAD3 5 Bytes JMP F721D1C0 kmxndis.sys
PAGENPNP NDIS.sys!NdisCloseAdapter F725F61E 5 Bytes JMP F721CD60 kmxndis.sys
PAGENPNP NDIS.sys!NdisTerminateWrapper F725F8C8 5 Bytes JMP F721D760 kmxndis.sys
PAGENDCO NDIS.sys!NdisMCoSendComplete F726D234 5 Bytes JMP F721B540 kmxndis.sys
.text USBPORT.SYS!DllUnload F663980C 5 Bytes JMP 863384A8

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\alg.exe[188] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\winlogon.exe[668] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\System32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\AppPatch\explorer.exe[1056] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Tiny Firewall Pro\UmxTray.exe[1468] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 5FF2A22C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 5FF2A348 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!TerminateProcess 7C801E16 5 Bytes JMP 5FF258EC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 5FF29ED8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!VirtualAllocEx 7C809A72 7 Bytes JMP 5FF2A110 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 5FF29FF4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!TerminateThread 7C81CA8B 5 Bytes JMP 5FF25A08 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!OpenThread 7C82FB40 5 Bytes JMP 5FF2A8D4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] kernel32.dll!DebugActiveProcess 7C85A303 5 Bytes JMP 5FF2A9F0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceStatus 77F55EB8 7 Bytes JMP 5FF27C70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!OpenSCManagerW 77F560BD 7 Bytes JMP 5FF27390 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!OpenServiceW 77F56165 7 Bytes JMP 5FF27800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!SetFileSecurityW 77F5AA69 5 Bytes JMP 5FF292A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!OpenSCManagerA 77F5ADA7 7 Bytes JMP 5FF27274 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumServicesStatusA 77F5AF3F 7 Bytes JMP 5FF28ADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!ControlService 77F5B635 7 Bytes JMP 5FF27EA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!OpenServiceA 77F5B88C 7 Bytes JMP 5FF276E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!StartServiceW 77F5BBAC 7 Bytes JMP 5FF27B54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!SetSecurityInfo 77F6087F 5 Bytes JMP 5FF295F8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!SetNamedSecurityInfoW 77F61285 5 Bytes JMP 5FF29830 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceStatusEx 77F61AA2 7 Bytes JMP 5FF27D8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!StartServiceA 77F63238 7 Bytes JMP 5FF27A38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceConfigA 77F65462 7 Bytes JMP 5FF27FC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!AbortSystemShutdownW 77F6670D 5 Bytes JMP 5FF2B1B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 5FF29B84 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceConfigW 77F690F2 7 Bytes JMP 5FF280E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!AdjustTokenPrivileges 77F6C534 5 Bytes JMP 5FF2906C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!SetKernelObjectSecurity 77F6D1BD 5 Bytes JMP 5FF293C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 5FF29A68 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 5FF29CA0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!InitiateSystemShutdownW 77FA4B11 5 Bytes JMP 5FF2AD48 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!InitiateSystemShutdownExW 77FA4BA5 5 Bytes JMP 5FF2AF80 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumServicesStatusExW 77FA681B 7 Bytes JMP 5FF28E30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumServicesStatusExA 77FA6A8F 7 Bytes JMP 5FF28D14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!SetServiceObjectSecurity 77FA6BE1 7 Bytes JMP 5FF294DC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 7 Bytes JMP 5FF2866C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 7 Bytes JMP 5FF28788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 7 Bytes JMP 5FF288A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 7 Bytes JMP 5FF289C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateServiceA 77FA7071 3 Bytes JMP 5FF274AC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateServiceA + 4 77FA7075 3 Bytes [ E7, 90, 90 ]
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!CreateServiceW 77FA7209 7 Bytes JMP 5FF275C8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!DeleteService 77FA7311 7 Bytes JMP 5FF2791C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumDependentServicesA 77FA7389 7 Bytes JMP 5FF28434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumDependentServicesW 77FA7441 7 Bytes JMP 5FF28550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceConfig2A 77FA77F9 7 Bytes JMP 5FF281FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!QueryServiceConfig2W 77FA78F9 7 Bytes JMP 5FF28318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ADVAPI32.dll!EnumServicesStatusW 77FA7B91 5 Bytes JMP 5FF28BF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!PostMessageW 77D18CCB 5 Bytes JMP 5FF25F94 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageW 77D1B8BA 5 Bytes JMP 5FF25D5C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!PostMessageA 77D1CB85 5 Bytes JMP 5FF25E78 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageTimeoutW 77D1E48A 5 Bytes JMP 5FF2663C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendNotifyMessageW 77D20E4F 5 Bytes JMP 5FF26874 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageCallbackW 77D20EDB 2 Bytes JMP 5FF26404 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageCallbackW + 3 77D20EDE 2 Bytes [ 20, E8 ]
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!PostThreadMessageW 77D210CF 5 Bytes JMP 5FF261CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!PostThreadMessageA 77D210DC 5 Bytes JMP 5FF260B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendDlgItemMessageW 77D25CDA 5 Bytes JMP 5FF26AAC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!BroadcastSystemMessageW 77D2813C 5 Bytes JMP 5FF26CE4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SetUserObjectSecurity 77D2AE4B 5 Bytes JMP 5FF2994C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SetWindowsHookW 77D2B61A 5 Bytes JMP 5FF2A7B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!BroadcastSystemMessageExW 77D2D0E4 5 Bytes JMP 5FF26F1C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 5FF2A580 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageA 77D2F39A 5 Bytes JMP 5FF25C40 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageTimeoutA 77D2FB43 5 Bytes JMP 5FF26520 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!OpenClipboard 77D3024F 5 Bytes JMP 5FF238BC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 5FF2A464 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendDlgItemMessageA 77D3C2BF 5 Bytes JMP 5FF26990 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SetWindowsHookA 77D3ED41 5 Bytes JMP 5FF2A69C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendNotifyMessageA 77D53650 5 Bytes JMP 5FF26758 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!EndTask 77D59C5D 5 Bytes JMP 5FF25B24 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!ExitWindowsEx 77D59E2D 5 Bytes JMP 5FF2B2D4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!BroadcastSystemMessageExA 77D6AA57 5 Bytes JMP 5FF26E00 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!BroadcastSystemMessage 77D6AA7E 5 Bytes JMP 5FF26BC8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] USER32.dll!SendMessageCallbackA 77D6ACE9 5 Bytes JMP 5FF262E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 5FF230F4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 5FF2332C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 5FF23210 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoGetClassObject 774E56DD 5 Bytes JMP 5FF23448 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoGetInstanceFromFile 775190A2 5 Bytes JMP 5FF23564 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] ole32.dll!CoGetInstanceFromIStorage 775667D5 5 Bytes JMP 5FF23680 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\explorer.exe[1568] SHELL32.dll!SHCreateProcessAsUserW 7CAD83EA 5 Bytes JMP 5FF29DBC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\slserv.exe[1696] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\WINDOWS\system32\wdfmgr.exe[1760] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 5FF2A22C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 5FF2A348 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!TerminateProcess 7C801E16 5 Bytes JMP 5FF258EC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 5FF29ED8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!VirtualAllocEx 7C809A72 7 Bytes JMP 5FF2A110 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 5FF29FF4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!TerminateThread 7C81CA8B 5 Bytes JMP 5FF25A08 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!OpenThread 7C82FB40 5 Bytes JMP 5FF2A8D4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] kernel32.dll!DebugActiveProcess 7C85A303 5 Bytes JMP 5FF2A9F0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceStatus 77F55EB8 7 Bytes JMP 5FF27C70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!OpenSCManagerW 77F560BD 7 Bytes JMP 5FF27390 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!OpenServiceW 77F56165 7 Bytes JMP 5FF27800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetFileSecurityW 77F5AA69 5 Bytes JMP 5FF292A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!OpenSCManagerA 77F5ADA7 7 Bytes JMP 5FF27274 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumServicesStatusA 77F5AF3F 7 Bytes JMP 5FF28ADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ControlService 77F5B635 7 Bytes JMP 5FF27EA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!OpenServiceA 77F5B88C 7 Bytes JMP 5FF276E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!StartServiceW 77F5BBAC 7 Bytes JMP 5FF27B54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetSecurityInfo 77F6087F 5 Bytes JMP 5FF295F8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetNamedSecurityInfoW 77F61285 5 Bytes JMP 5FF29830 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceStatusEx 77F61AA2 7 Bytes JMP 5FF27D8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!StartServiceA 77F63238 7 Bytes JMP 5FF27A38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceConfigA 77F65462 7 Bytes JMP 5FF27FC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!AbortSystemShutdownW 77F6670D 5 Bytes JMP 5FF2B1B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 5FF29B84 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceConfigW 77F690F2 7 Bytes JMP 5FF280E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!AdjustTokenPrivileges 77F6C534 5 Bytes JMP 5FF2906C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetKernelObjectSecurity 77F6D1BD 5 Bytes JMP 5FF293C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 5FF29A68 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 5FF29CA0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!InitiateSystemShutdownW 77FA4B11 5 Bytes JMP 5FF2AD48 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!InitiateSystemShutdownExW 77FA4BA5 5 Bytes JMP 5FF2AF80 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumServicesStatusExW 77FA681B 7 Bytes JMP 5FF28E30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumServicesStatusExA 77FA6A8F 7 Bytes JMP 5FF28D14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77FA6BE1 7 Bytes JMP 5FF294DC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 7 Bytes JMP 5FF2866C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 7 Bytes JMP 5FF28788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 7 Bytes JMP 5FF288A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 7 Bytes JMP 5FF289C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateServiceA 77FA7071 3 Bytes JMP 5FF274AC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateServiceA + 4 77FA7075 3 Bytes [ E7, 90, 90 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateServiceW 77FA7209 7 Bytes JMP 5FF275C8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!DeleteService 77FA7311 7 Bytes JMP 5FF2791C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumDependentServicesA 77FA7389 7 Bytes JMP 5FF28434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumDependentServicesW 77FA7441 7 Bytes JMP 5FF28550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceConfig2A 77FA77F9 7 Bytes JMP 5FF281FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!QueryServiceConfig2W 77FA78F9 7 Bytes JMP 5FF28318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!EnumServicesStatusW 77FA7B91 5 Bytes JMP 5FF28BF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!PostMessageW 77D18CCB 5 Bytes JMP 5FF25F94 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageW 77D1B8BA 5 Bytes JMP 5FF25D5C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!PostMessageA 77D1CB85 5 Bytes JMP 5FF25E78 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageTimeoutW 77D1E48A 5 Bytes JMP 5FF2663C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendNotifyMessageW 77D20E4F 5 Bytes JMP 5FF26874 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageCallbackW 77D20EDB 2 Bytes JMP 5FF26404 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageCallbackW + 3 77D20EDE 2 Bytes [ 20, E8 ]
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!PostThreadMessageW 77D210CF 5 Bytes JMP 5FF261CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!PostThreadMessageA 77D210DC 5 Bytes JMP 5FF260B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendDlgItemMessageW 77D25CDA 5 Bytes JMP 5FF26AAC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!BroadcastSystemMessageW 77D2813C 5 Bytes JMP 5FF26CE4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetUserObjectSecurity 77D2AE4B 5 Bytes JMP 5FF2994C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookW 77D2B61A 5 Bytes JMP 5FF2A7B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!BroadcastSystemMessageExW 77D2D0E4 5 Bytes JMP 5FF26F1C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 5FF2A580 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageA 77D2F39A 5 Bytes JMP 5FF25C40 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageTimeoutA 77D2FB43 5 Bytes JMP 5FF26520 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!OpenClipboard 77D3024F 5 Bytes JMP 5FF238BC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 5FF2A464 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendDlgItemMessageA 77D3C2BF 5 Bytes JMP 5FF26990 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookA 77D3ED41 5 Bytes JMP 5FF2A69C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendNotifyMessageA 77D53650 5 Bytes JMP 5FF26758 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!EndTask 77D59C5D 5 Bytes JMP 5FF25B24 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!ExitWindowsEx 77D59E2D 5 Bytes JMP 5FF2B2D4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!BroadcastSystemMessageExA 77D6AA57 5 Bytes JMP 5FF26E00 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!BroadcastSystemMessage 77D6AA7E 5 Bytes JMP 5FF26BC8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] USER32.dll!SendMessageCallbackA 77D6ACE9 5 Bytes JMP 5FF262E8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHCreateProcessAsUserW 7CAD83EA 5 Bytes JMP 5FF29DBC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 5FF230F4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 5FF2332C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 5FF23210 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoGetClassObject 774E56DD 5 Bytes JMP 5FF23448 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoGetInstanceFromFile 775190A2 5 Bytes JMP 5FF23564 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\Mozilla Firefox\firefox.exe[1876] ole32.dll!CoGetInstanceFromIStorage 775667D5 5 Bytes JMP 5FF23680 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\File comuni\PFShared\umxlu.exe[1892] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 5FF2A22C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 5FF2A348 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 5FF25008 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!TerminateProcess 7C801E16 5 Bytes JMP 5FF258EC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 5FF29ED8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 5FF256B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 5FF25594 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!VirtualAllocEx 7C809A72 7 Bytes JMP 5FF2A110 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 5FF2535C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 5FF25124 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 5FF29FF4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!ExitProcess 7C81CA62 5 Bytes JMP 5FF25240 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!TerminateThread 7C81CA8B 5 Bytes JMP 5FF25A08 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!OpenThread 7C82FB40 5 Bytes JMP 5FF2A8D4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] kernel32.dll!DebugActiveProcess 7C85A303 5 Bytes JMP 5FF2A9F0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceStatus 77F55EB8 7 Bytes JMP 5FF27C70 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!OpenSCManagerW 77F560BD 7 Bytes JMP 5FF27390 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!OpenServiceW 77F56165 7 Bytes JMP 5FF27800 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!SetFileSecurityW 77F5AA69 5 Bytes JMP 5FF292A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!OpenSCManagerA 77F5ADA7 7 Bytes JMP 5FF27274 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumServicesStatusA 77F5AF3F 7 Bytes JMP 5FF28ADC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!ControlService 77F5B635 7 Bytes JMP 5FF27EA8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!OpenServiceA 77F5B88C 7 Bytes JMP 5FF276E4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!StartServiceW 77F5BBAC 7 Bytes JMP 5FF27B54 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!SetSecurityInfo 77F6087F 5 Bytes JMP 5FF295F8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!SetNamedSecurityInfoW 77F61285 5 Bytes JMP 5FF29830 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceStatusEx 77F61AA2 7 Bytes JMP 5FF27D8C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!StartServiceA 77F63238 7 Bytes JMP 5FF27A38 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceConfigA 77F65462 7 Bytes JMP 5FF27FC4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!AbortSystemShutdownW 77F6670D 5 Bytes JMP 5FF2B1B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 5FF29B84 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceConfigW 77F690F2 7 Bytes JMP 5FF280E0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!AdjustTokenPrivileges 77F6C534 5 Bytes JMP 5FF2906C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!SetKernelObjectSecurity 77F6D1BD 5 Bytes JMP 5FF293C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 5FF29A68 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateProcessWithLogonW 77F85C9D 5 Bytes JMP 5FF29CA0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!InitiateSystemShutdownW 77FA4B11 5 Bytes JMP 5FF2AD48 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!InitiateSystemShutdownExW 77FA4BA5 5 Bytes JMP 5FF2AF80 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumServicesStatusExW 77FA681B 7 Bytes JMP 5FF28E30 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumServicesStatusExA 77FA6A8F 7 Bytes JMP 5FF28D14 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity 77FA6BE1 7 Bytes JMP 5FF294DC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!ChangeServiceConfigA 77FA6CC9 7 Bytes JMP 5FF2866C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!ChangeServiceConfigW 77FA6E61 7 Bytes JMP 5FF28788 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A 77FA6F61 7 Bytes JMP 5FF288A4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W 77FA6FE9 7 Bytes JMP 5FF289C0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateServiceA 77FA7071 3 Bytes JMP 5FF274AC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateServiceA + 4 77FA7075 3 Bytes [ E7, 90, 90 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!CreateServiceW 77FA7209 7 Bytes JMP 5FF275C8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!DeleteService 77FA7311 7 Bytes JMP 5FF2791C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumDependentServicesA 77FA7389 7 Bytes JMP 5FF28434 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumDependentServicesW 77FA7441 7 Bytes JMP 5FF28550 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceConfig2A 77FA77F9 7 Bytes JMP 5FF281FC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!QueryServiceConfig2W 77FA78F9 7 Bytes JMP 5FF28318 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] ADVAPI32.dll!EnumServicesStatusW 77FA7B91 5 Bytes JMP 5FF28BF8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!PostMessageW 77D18CCB 5 Bytes JMP 5FF25F94 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageW 77D1B8BA 5 Bytes JMP 5FF25D5C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!PostMessageA 77D1CB85 5 Bytes JMP 5FF25E78 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageTimeoutW 77D1E48A 5 Bytes JMP 5FF2663C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendNotifyMessageW 77D20E4F 5 Bytes JMP 5FF26874 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageCallbackW 77D20EDB 2 Bytes JMP 5FF26404 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageCallbackW + 3 77D20EDE 2 Bytes [ 20, E8 ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!PostThreadMessageW 77D210CF 5 Bytes JMP 5FF261CC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!PostThreadMessageA 77D210DC 5 Bytes JMP 5FF260B0 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendDlgItemMessageW 77D25CDA 5 Bytes JMP 5FF26AAC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!BroadcastSystemMessageW 77D2813C 5 Bytes JMP 5FF26CE4 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SetUserObjectSecurity 77D2AE4B 5 Bytes JMP 5FF2994C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SetWindowsHookW 77D2B61A 5 Bytes JMP 5FF2A7B8 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!BroadcastSystemMessageExW 77D2D0E4 5 Bytes JMP 5FF26F1C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 5FF2A580 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageA 77D2F39A 5 Bytes JMP 5FF25C40 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendMessageTimeoutA 77D2FB43 5 Bytes JMP 5FF26520 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!OpenClipboard 77D3024F 5 Bytes JMP 5FF238BC C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 5FF2A464 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendDlgItemMessageA 77D3C2BF 5 Bytes JMP 5FF26990 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SetWindowsHookA 77D3ED41 5 Bytes JMP 5FF2A69C C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!SendNotifyMessageA 77D53650 5 Bytes JMP 5FF26758 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!EndTask 77D59C5D 5 Bytes JMP 5FF25B24 C:\WINDOWS\system32\UmxSbxw.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1968] USER32.dll!ExitWindowsEx

Post by CarDependant » Sat Feb 10, 2007 10:40 pm

And here is the Autostart section:

GMER 1.0.12.12027 - http://www.gmer.net
Autostart scan 2007-02-10 21:38:00
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
PFW@DLLName = UmxWnp.Dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = UmxSbxExw.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Audio Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
BITS /*Servizio trasferimento intelligente in background*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Browser /*Browser di computer*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
CryptSvc /*Servizi di crittografia*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*Utilità di avvio processo server DCOM*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*Client DHCP*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
dmserver /*Gestione dischi logici*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*Client DNS*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Servizio di segnalazione errori*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Registro eventi*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Guida in linea e supporto tecnico*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
HidServ /*HID Input Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*Helper NetBIOS di TCP/IP*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*Servizi IPSEC*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Archiviazione protetta*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Registro di sistema remoto*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*RPC (Remote Procedure Call)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Gestione account di protezione (SAM)*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Utilità di pianificazione*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Accesso secondario*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*Notifica eventi di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall / Condivisione connessione Internet (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Rilevamento hardware shell*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*Servizio Ripristino configurazione di sistema*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Themes /*Temi*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Manutenzione collegamenti distribuiti client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
UmxAgent /*FW Event Manager*/@ = "C:\Programmi\Tiny Firewall Pro\UmxAgent.exe"
UmxCfg /*FW Configuration Interpreter*/@ = "C:\Programmi\File comuni\PFShared\UmxCfg.exe"
UmxFwHlp /*FW User-Mode Helper*/@ = "C:\Programmi\Tiny Firewall Pro\UmxFwHlp.exe"
UmxLU /*FW Live Update*/@ = "C:\Programmi\File comuni\PFShared\umxlu.exe"
UmxPol /*FW Policy Manager*/@ = "C:\Programmi\File comuni\PFShared\UmxPol.exe"
W32Time /*Ora di Windows*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Strumentazione gestione Windows*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Centro sicurezza PC*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Aggiornamenti automatici*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WZCSVC /*Zero Configuration reti senza fili*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@CoolSwitchC:\WINDOWS\system32\taskswitch.exe = C:\WINDOWS\system32\taskswitch.exe
@CnxDslTaskBar"C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" = "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_03\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
@ /*file not found*/ = /*file not found*/
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@KCeasyC:\Programmi\KCeasy\KCeasy.exe /hide = C:\Programmi\KCeasy\KCeasy.exe /hide
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Proprietà dei file Multimedia*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*Gestore scanner ICM*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*Pagina di protezione NTFS*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*Pagina di proprietà di Docfile OLE*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Estensione scheda video del Pannello di controllo*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Estensione monitor del Pannello di controllo*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*Pagina di protezione DS*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Pagina compatibilità*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Gestore dati dei ritagli di shell*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Estensione copia dischi*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Estensioni shell per oggetti Rete Microsoft Windows*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*Gestore monitor ICM*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*Gestore stampante ICM*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Estensioni shell per la compressione dei file*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Estensione shell per la stampante Web*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Menu di scelta rapida di crittografia*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Sincronia file*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*Estensione di icona di HyperTerminal*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Tipi di carattere*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*Profilo ICC*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Pagina di protezione della stampante*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Estensioni shell per la condivisione*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Estensione Crypto PKO*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Estensione firma crittografata*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Connessioni di rete*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanner e fotocamere digitali*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Estensioni di shell per Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Programmi\File comuni\System\Ole DB\oledb32.dll = C:\Programmi\File comuni\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Operazioni pianificate*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Barra delle applicazioni e menu di avvio*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Cerca*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Guida in linea e supporto tecnico*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Esegui...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*Posta elettronica*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Tipi di carattere*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Strumenti di amministrazione*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Barra degli strumenti Microsoft Internet*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Stato del download*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Shell Folder accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Shell Folder 2 accresciuto*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*SearchBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*Ricerca all'interno*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Ricerca Web*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Utilità opzioni della struttura del Registro di sistema*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Indirizzo*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Completamento automatico Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*Elenco di Completamento automatico MRU*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Elenco di Completamento automatico MRU personalizzato*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessibile*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Indicatore di avanzamento popup*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Elenco di Completamento automatico della Cronologia di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Elenco di Completamento automatico di Shell Folder di Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Contenitore dell'elenco di Completamento automatico multiplo Microsoft*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*Assistenza utente*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Impostazioni cartella globale*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Servizio Cronologia Url Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*Cronologia*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*File temporanei Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Hook per la ricerca di URL Microsoft*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*Schermata iniziale applicazioni Internet Explorer 4*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\system32\sendmail.dll = C:\WINDOWS\system32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*Cartella cache ActiveX*/%SystemRoot%\system32\occache.dll = %SystemRoot%\system32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Cartella Subscription*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\system32\webcheck.dll = %SystemRoot%\system32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Gestione applicazioni shell*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Enumeratore applicazioni installate*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\system32\appwiz.cpl = %SystemRoot%\system32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI + programma di estrazione file in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*Programma di estrazione pagine HTML in anteprima*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Ordinazione di stampe tramite Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Oggetto Pubblicazione guidata sul Web*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Creazione guidata profilo Passport*/%SystemRoot%\system32\netplwiz.dll = %SystemRoot%\system32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*Account utente*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Cartella compressa*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\system32\zipfldr.dll = %SystemRoot%\system32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*File del canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Collegamento al canale*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\system32\cdfview.dll = %SystemRoot%\system32\cdfview.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\system32\msieftp.dll = C:\WINDOWS\system32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\system32\docprop2.dll = C:\WINDOWS\system32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\system32\dsquery.dll = %SystemRoot%\system32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\system32\dsuiext.dll = %SystemRoot%\system32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\system32\mydocs.dll = %SystemRoot%\system32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Cartella file non in linea*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\system32\dfsshlex.dll = C:\WINDOWS\system32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\system32\photowiz.dll = %SystemRoot%\system32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*&Contatti...*/C:\Programmi\Outlook Express\wabfind.dll = C:\Programmi\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\system32\wmpshell.dll = C:\WINDOWS\system32\wmpshell.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{709C6E11-538F-4759-86AC-6ACB302AA0DE} /*Desktop Manager*/(null) =
@(null) =
@{efb97cb8-a4a4-4357-a261-002ffaed0267} /*CD Slideshow Powertoy*/(null) =
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{1D2680C9-0E2A-469d-B787-065558BC7D43} /*Fusion Cache*/C:\WINDOWS\system32\mscoree.dll = C:\WINDOWS\system32\mscoree.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Programmi\Unlocker\UnlockerCOM.dll = C:\Programmi\Unlocker\UnlockerCOM.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programmi\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\system32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
javascript@CLSID = %SystemRoot%\system32\mshtml.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\system32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
res@CLSID = %SystemRoot%\system32\mshtml.dll
sysimage@CLSID = %SystemRoot%\system32\mshtml.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\system32\mshtml.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.12 ----

So, I can connect to the Internet, but I can't connect to Live Messenger (it gives me an error), and when I open Internet Explorer a blank space appears below the address bar.
CarDependant
Senior Member
Posts: 241
Joined: Mon Nov 20, 2006 2:35 am
Location: Sicilia, CT

Post by Amantide » Sat Feb 10, 2007 10:52 pm

The log is clean [boh]
Try repairing the connection problems with WinSock XP Fix, and check the event log to see which errors are there and what they refer to.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo
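
The Winsock catalog sections of a GMER autostart log like the one posted above can be checked mechanically before running a repair tool. This Python script is an added example, not part of the original thread: it parses the `Catalog_Entries` lines in the format shown in the log and reports provider DLLs outside a baseline and gaps in entry numbering. The baseline DLL set is taken from this page's log, the expectation of consecutive numbering is an assumption, and `examplelsp.dll` and both sample logs are constructed.

```python
import re
from collections import defaultdict

# Provider DLLs that appear in the Winsock sections of the log on this page,
# which the reply judged clean. Assumed baseline, not an authoritative list.
BASELINE_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}

# Matches both "...\Catalog_Entries\ >>>" section headers and the single-line
# form "...\Catalog_Entries\000000000017@PackedCatalogItem = <dll>".
CATALOG_RE = re.compile(
    r"WinSock2\\Parameters\\(?P<catalog>[^\\]+)\\Catalog_Entries\\(?P<rest>.*)$",
    re.IGNORECASE,
)
ENTRY_RE = re.compile(r"^(?P<index>\d{12})@(?P<value>\w+)\s*=\s*(?P<data>.*)$")


def _basename(path):
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().strip('"').lower()


def parse_winsock_catalogs(log_text):
    """Return {catalog_name: [(entry_index, dll_basename), ...]}."""
    catalogs = defaultdict(list)
    current = None  # catalog whose ">>>" section we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends a section
            continue
        header = CATALOG_RE.search(line)
        if header:
            rest = header.group("rest").strip()
            if rest == ">>>":
                current = header.group("catalog")
                continue
            current = None
            entry = ENTRY_RE.match(rest)  # single-line key@value form
            if entry:
                catalogs[header.group("catalog")].append(
                    (int(entry.group("index")), _basename(entry.group("data")))
                )
            continue
        entry = ENTRY_RE.match(line) if current else None
        if entry:
            catalogs[current].append(
                (int(entry.group("index")), _basename(entry.group("data")))
            )
        elif line.upper().startswith("HK"):
            current = None  # some other registry section begins
    return dict(catalogs)


def review_winsock(log_text):
    """List findings as (catalog, kind, detail) tuples; empty list means clean."""
    findings = []
    for catalog, entries in sorted(parse_winsock_catalogs(log_text).items()):
        indexes = sorted(index for index, _ in entries)
        # Assumption: entries are numbered consecutively from 1, as in the
        # log on this page; a hole suggests a key was deleted by hand.
        if indexes != list(range(1, len(indexes) + 1)):
            missing = sorted(set(range(1, indexes[-1] + 1)) - set(indexes))
            findings.append((catalog, "numbering-gap", missing))
        for index, dll in entries:
            if dll not in BASELINE_DLLS:
                findings.append(
                    (catalog, "non-baseline-provider", (index, dll or "(empty)"))
                )
    return findings


# Constructed sample: shortened excerpt in the format of the log above.
CLEAN_SAMPLE = r"""
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
"""

# Constructed sample: entry 2 is missing and entry 3 points at a hypothetical
# third-party provider DLL (examplelsp.dll is a made-up name).
BROKEN_SAMPLE = r"""
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = C:\Programmi\Example\examplelsp.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
"""

if __name__ == "__main__":
    for finding in review_winsock(BROKEN_SAMPLE):
        print(finding)
```

A non-baseline provider is not necessarily malicious (firewalls and antivirus products install their own); the finding only marks an entry to verify before and after a Winsock repair.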

Post by CarDependant » Sat Feb 10, 2007 11:04 pm

Solved! Thanks Amantide, one day I'll buy you a pizza! [:)] [:D]

Let's say I had made a bit of a mess of things, because I had manually deleted, in regedit, keys belonging to applications I had already removed, since the normal uninstall didn't remove them...

Post by Amantide » Sat Feb 10, 2007 11:26 pm

[acc2]

Post by CarDependant » Mon Feb 12, 2007 1:32 am

After this experience I've chosen the AntiVir PE + Comodo Pro combination, and as a third program I'm interested in the free version of System Safety Monitor; it looks interesting, has anyone tried it yet?

(Comodo Firewall Pro, a firewall you use in... COMFORT ("comodo")!! [rotolo] [rotolo] ).



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising