
Thread: Similar Problem again !!!

  1. #11
    Member | Join Date: Nov 2006 | Posts: 51

    ************************* Rustock.b-fix -- By ejvindh *************************
    2006-12-22 16:10:45,21

    ******************* Pre-run Status of system *******************

    Rootkit driver PE386 is found. Starting the unload-procedure....

  2. #12
    Member | Join Date: Nov 2006 | Posts: 51

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\irmhbyit

    *******************

    Script file located at: \??\C:\Documents and Settings\mvcljtim.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

  3. #13
    Member | Join Date: Nov 2006 | Posts: 51

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 13:43:38 2006-12-01

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\mljgf.dll
    C:\WINDOWS\SYSTEM32\fgjlm.ini
    C:\WINDOWS\SYSTEM32\fgjlm.bak1
    C:\WINDOWS\SYSTEM32\fgjlm.bak2
    C:\WINDOWS\SYSTEM32\fgjlm.ini2
    C:\WINDOWS\SYSTEM32\fgjlm.tmp
    C:\WINDOWS\system32\mljgf.dll
    C:\WINDOWS\SYSTEM32\fgjlm.ini
    C:\WINDOWS\SYSTEM32\fgjlm.bak1
    C:\WINDOWS\SYSTEM32\fgjlm.bak2
    C:\WINDOWS\SYSTEM32\fgjlm.ini2
    C:\WINDOWS\SYSTEM32\fgjlm.tmp
    C:\WINDOWS\system32\fgjlm.ini
    C:\WINDOWS\system32\fgjlm.bak1
    C:\WINDOWS\system32\fgjlm.bak2
    C:\WINDOWS\system32\fgjlm.ini2
    C:\WINDOWS\system32\fgjlm.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
    C:\WINDOWS\SYSTEM32\mljgf.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini
    C:\WINDOWS\SYSTEM32\fgjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak1
    C:\WINDOWS\SYSTEM32\fgjlm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak2
    C:\WINDOWS\SYSTEM32\fgjlm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini2
    C:\WINDOWS\SYSTEM32\fgjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.tmp
    C:\WINDOWS\SYSTEM32\fgjlm.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljgf.dll
    C:\WINDOWS\system32\mljgf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 14:03:14 2006-12-01

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 01:22:02 2006-12-19

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\windmh32.dll

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 15:20:20 2006-12-19

    Listing files found while scanning....

    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
    C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 12:55:15 2006-12-22

    Listing files found while scanning....

    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\kjllm.bak1
    C:\WINDOWS\system32\kjllm.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\mlljk.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\kjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjllm.bak1
    C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjllm.bak2
    C:\WINDOWS\system32\kjllm.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\mlljk.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 20:13:55 2006-12-22

    Listing files found while scanning....

    C:\WINDOWS\system32\awvst.dll
    C:\WINDOWS\system32\tsvwa.ini
    C:\WINDOWS\system32\tsvwa.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvst.dll
    C:\WINDOWS\system32\awvst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tsvwa.ini
    C:\WINDOWS\system32\tsvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tsvwa.bak2
    C:\WINDOWS\system32\tsvwa.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 17:05:52 2006-12-23

    Listing files found while scanning....

  4. #14
    Retired Security Volunteer | Join Date: Dec 2006 | Posts: 752

    By the way, while searching I found your previous thread with Shaba

    http://forums.spybot.info/showthread.php?t=9353

    Any reason why you left him?


    *Did you have any Norton Antivirus products on your machine before? If so, please run this tool HERE to remove all leftovers of the Norton products.


    *Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

    O2 - BHO: (no name) - {6EE6436B-00BB-4229-8D92-C12654C5B342} - C:\WINDOWS\system32\awvst.dll (file missing)
    O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab


    Close your browsers and all open windows except for HijackThis, then click "Fix checked".


    *Download Gmer from here:
    http://gmer.thespykiller.co.uk/gmer.zip
    • Disconnect from the internet and close running programs.
    • There is a small chance this application may crash your computer, so save any work you have open.
    • Double-click gmer.exe
    • Let the gmer.sys driver load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... say OK.
    • If no warning....
    • Click "Rootkit" tab and click "Scan"
    • Once done, click "Copy"
    • Open Notepad and hit "ctrl+v" to paste the log.
    • Reconnect to the internet and post the log back to this thread please.


    On your next reply, please include a fresh HijackThis log, a GMER log and a description of how your machine is running.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.

  5. #15
    Member | Join Date: Nov 2006 | Posts: 51

    Yes, I had Norton before, but I got rid of it; it was actually during that phase that I seemed to get all these viruses... my fault.

    Yes, Shaba was my previous handler and I have nothing against him/her. It ended; I lost the thread, so to speak, as I was away for a while with work....

    So I thought I would start over... anyway....

    Logfile of HijackThis v1.99.1
    Scan saved at 04:19:30, on 2006-12-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program\Synaptics\SynTP\SynTPLpr.exe
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
    C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program\Grisoft\AVG Free\avgcc.exe
    C:\HJT\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  6. #16
    Member | Join Date: Nov 2006 | Posts: 51

    I can't seem to be able to post the GMER log... it seems that when I try, IE slows right down, then it fails to find the website.... Did that make any sense?

  7. #17
    Member | Join Date: Nov 2006 | Posts: 51

    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2006-12-24 03:45:26
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
    SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
    SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
    SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
    SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
    SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
    SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

  8. #18
    Member | Join Date: Nov 2006 | Posts: 51

    ---- Kernel code sections - GMER 1.0.12 ----

    .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 3C, EA, F8, E0, 9E, EA, ... ]
    .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 3C, EA, F8, E0, 9E, EA, ... ]

    ---- User code sections - GMER 1.0.12 ----


  9. #19
    Member | Join Date: Nov 2006 | Posts: 51


  10. #20
    Member | Join Date: Nov 2006 | Posts: 51

