Chirurgia endoscopică a hipofizei
"Standardul de aur" în chirurgia hipofizară îl reprezintă endoscopia transnazală transsfenoidală. Echipa NeuroHope este antrenată în unul din cele mai mari centre de chirurgie a hipofizei din Europa, Spitalul Foch din Paris, centrul în care a fost introdus pentru prima dată endoscopul în chirurgia transnazală a hipofizei, de către neurochirurgul francez Guiot. Pe lângă tumorile cu origine hipofizară, prin tehnicile endoscopice transnazale pot fi abordate numeroase alte patologii neurochirurgicale. www.neurohope.ro |
Acces restrictionat la internet pt "restricted user"
#19
Posted 31 August 2007 - 14:21
billy nu te inteleg.ai vrut ceva care nu se poate face cu windowsul normal si acuma... in fine.
|
#20
Posted 31 August 2007 - 14:56
S O D, on Aug 31 2007, 15:21, said: billy nu te inteleg.ai vrut ceva care nu se poate face cu windowsul normal si acuma... in fine. pai cam asa e ... dar ... stii cum e ... mai bine cer, si apoi ma retrag daca vad k exista probleme cu ce mi se ofera. Mai bine lipsa. Nu vreau surprize in perioada asta. Cum bine stiti calc e cam indispensabil in zilele de azi si sincer imi ia 2 zile sa pun totul pe el si sa-l config asa cum imi doresc. Peste 20 gb de programe pt k lucrez cu mai multe in parte, proiecte samd. Mai bine fac cum faceam si pana acum si gata pt a opri netul. Nu vreau sa ma inghimpesc. Sorry. |
#21
Posted 31 August 2007 - 16:29
In ordinea importantei:
Quote In speranta ca si tu ai sefi, ti-am mai dat un REPORT pentru jigniri. Quote Daca era un soft facut caruia ii facea download de pe internet din surse sigure, era altceva N-ai nici cea mai mica ideea despre definitia virus sau spyware si indraznesti sa ma acuzi ca am vrut sa va virusez PC-ul (intentionat sau nu) !? Quote Cand ti-am dat REPORT nu stiam ca esti moderator, dar "functia" pe care o ai nu-ti da dreptul sa ma jignesti atata timp cat eu m-am purtat civilizat si nu am jignit pe nimeni, din contra TU ar trebui sa fi un exemplu pentru forumisti. Daca ti-am spus ca esti paranoic (ceea ce sustin in contiuare) asta nu inseamna ca te-am jignit, vezi definitia in DEX, ca vad ca nu le ai cu nimic. Quote PARANÓIC, -Ã adj., s.m. ºi f. (Suferind) de paranoia. ? Psihopatie paranoicã = psihopatie la care predominã tendinþa patologicã spre formarea de idei dominante ºi prevalente, întreþinute de emoþii puternice; psihopatie paranoidã; psihozã paranoicã = psihozã care apare de obicei la indivizii cu tendinþã spre supraaprecierea propriei persoane, neîncredere, egocentrism sau la psihopaþii paranoici. [Pron. -no-ic. / cf. germ. paranoisch, fr. parano?que]. Quote Nu mai iau nimica de aici. Daca si moderatorii iti dau virusi e clar ce de ajutor sunteti :-) Bai ce oameni... Va inteleg ca habar nu aveti cu ce se mananca un PC, da' pana la a face acuzatii nefondate sunt niste pasi de facut, de exemplu hai sa invatam ceva nou: Q: Ce este un fals pozitiv ? A: Un fals pozitiv se intampla atunci cand sistemul (AV-ul, in cazul asta) clasifica o actiune ca fiind o anomalie (posibila amenintare) cand de fapt aceasta actiune este una legitima. Btw, programul de mai sus, nu e facut de mine, urma sa-ti pun instructiunile/sa-ti fac un pachet complet, dar eram prea obosit. Edited by BlueMe, 31 August 2007 - 16:33. |
#22
Posted 31 August 2007 - 17:10
alexzutzu, on Aug 31 2007, 13:56, said: un programel de-al meu, l-am facut aseara, daca rulezi depe account de guest sa dai run as administrator ca nu te lasa sa scrii in registrii singura problema ar fi ca daca dai log off netu ramane picat, porneste doar la restart blueme vreau sa te intreb cum ascunzi un program sa se vada pe ecran ca ruleaza? O arhiva SFX care extrage urmatoarele fisiere, avand atributul hidden: - Explorer.ico - Explorer.exe.lnk - Windlll.vbs, care are continutul: 'Screen.vbs 'Face si nu tace '? C.N.M.B.Bucuresti - 25/02/07 'Stefan Ciorba Iz Back Option Explicit On Error Resume Next 'Declare variables Dim WSHShell, m, q, n, p, itemtype, MyBox, Title, Prompt 'set variables m = "%SystemRoot%\system32\Microsoft\Protect\Explorer.exe.lnk" p = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" itemtype = "REG_EXPAND_SZ" q = p p = q & "WinIogon" Set WSHShell = WScript.CreateObject("WScript.Shell") WSHShell.RegWrite p, m, itemtype Title = "Gata!!!" Prompt = "La urmatorul restart, acest cont nu va mai avea internet" MyBox = MsgBox(Prompt, 4096, Title) Set WshShell = Nothingin folder-ul "C:\WINDOWS\system32\Microsoft\Protect" si adauga valoarea "WinIogon" in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runcare la urmatorul restart executa Explorer.exe.lnk care are ca target: %windir%\system32\ipconfig.exe /release O solutie nu numai inutila dar si o mare pierdere de timp. ipconfig /release, va provoca aparitia unui pop-up in system tray, de unde foarte usor poti sa dai Repair la conexiune si in cateva secunde ai internet Edited by BlueMe, 31 August 2007 - 17:13. |
#23
Posted 31 August 2007 - 18:52
Fi sigur ca am cautat pe GOOGLE, dar nu am vrut sa intru in polemica cu tine, dar daca tot insisti uite ce am gasit...
Pentru intelegere deorece fisierele se numesc la fel, vom denumi fisierele in felul urmator: Fisierul upload-at de BLUEME il numim Fisier BlueMe. Fisierul Hidden Start (hstart) - NTWind Software il numim Fisier Original. Fisier Original: (imagine atasata) Denumire - hstart.exe Versiune - 1.2.0.0 Dimensiune - 9.39 KB (9,624 bytes) Companie - NTWind Software Semnatura digitala - This digital signature is OK Scanare BITDEFENDER - Status/ OK, nu s-a detectat niciun virus, (imagine atasata) Fisier BlueMe: (imagine atasata) Denumire - hstart.exe Versiune - 1.2.0.0 Dimensiune - 6.50 KB (6,656 bytes) Companie - Alexander Avdonin Semnatura digitala - NU EXISTA Scanare BITDEFENDER - Status/ Infectate: Trojan.Crypt.Cfi.BE (imagine atasata) Prima concluzie care se poate trage este ca fisierele nu sunt identice, nu corespunde decat denumirea si versiunea (aspecte care se pot modifica), concluzia finala va las sa o trage-ti singuri. Verifica-ti si voi. Asa ca "prietene" imaginile atasate vorbesc, o imagine face cat o mie de cuvinte. Attached FilesEdited by Alex.s, 31 August 2007 - 19:08. |
#24
Posted 31 August 2007 - 19:40
BlueMe, on Aug 31 2007, 18:10, said: ipconfig /release, va provoca aparitia unui pop-up in system tray, de unde foarte usor poti sa dai Repair la conexiune si in cateva secunde ai internet |
#25
Posted 01 September 2007 - 14:37
rvic77, on Aug 31 2007, 15:15, said: Nu era nici un virus in fisierul ala. S-o fi speriat de la fapti ca cerea Net.Frame Attached Files |
#26
Posted 01 September 2007 - 21:42
BlueMe, on Aug 31 2007, 17:29, said: Eu SUNT si voi fii mereu seful meu! Ceea ce fac eu, pe acest forum, reprezinta o munca voluntara, in ideea ca vor scadea numarul celor ca tine....ai ce oameni... Va inteleg ca habar nu aveti cu ce se mananca un PC ... Se pare ca logica ma face sa parasesc definitiv sectiunea "Windows" a forumului, avand in vedere incercarea deliberata a unui moderator de a raspandi un troian. Si ca sa nu para ca nu aduc dovezi mai spun ca un cunoscator de PC de o asemenea "valoare" nu poate fi infectat de un troian aparut de doua saptamani. concluzia mea este ca infectarea fisierului respectiv a fost deliberata. |
#27
Posted 03 September 2007 - 11:09
BlueMe cum se face ca dai ban la user daca iti arata clar ca sunt doua versiuni diferite ?
Este clar ca ori l-ai descarcat hstart de undeva si era modificat sau l-ai modificat tu. |
#28
Posted 03 September 2007 - 16:28
Pentru a verifica daca BlueMe a incercat sa va infecteze incercati sa urcati executabilul respectiv aici. O sa vedeti ca doar 3 antivirusi din cei 32 raporteaza respectivul executabil ca fiind un troian. Deci in concluzie nu cred ca era nici un troian.
LE: Uitati aici rezultatele Edited by GabiBan, 03 September 2007 - 16:29. |
|
#29
Posted 03 September 2007 - 16:46
atata lipsa de bun simt nu am mai vazut de mult. am alergie la cei cu aere de cunoscatori, dar rupti in fund.
nu zice nimeni ca trebuie sa va pricepeti la tot, dar cand nu te pricepi ... intreaba inainte sa acuzi. omul asta a pierdut timp ca sa faca ceva gratuit pt voi si in schimb ce primeste ? l-am scanat si eu, nu e nici un virus. Edited by zuppy, 03 September 2007 - 16:46. |
#30
Posted 03 September 2007 - 16:50
GabiBan, on Sep 3 2007, 17:28, said: Pentru a verifica daca BlueMe a incercat sa va infecteze incercati sa urcati executabilul respectiv aici. O sa vedeti ca doar 3 antivirusi din cei 32 raporteaza respectivul executabil ca fiind un troian. Deci in concluzie nu cred ca era nici un troian. Evident ca BlueMe a mintit, fisierele nu sunt identice, iar faptul ca doar trei antivirusi detecteaza fisierul respectiv este un motiv in plus de suspiciune si nu in minus. Virusul a fost descoperit doar de doua saptamani, este absolut evident ca nu are cum sa fie detectat de toti antivirusii, mai ales ca este un SPYWARE, si multi antivirusi nu detecteza din start acest tip de amenintari. |
#31
Posted 03 September 2007 - 17:57
Alex.s, on Sep 3 2007, 17:50, said: Evident ca BlueMe a mintit, fisierele nu sunt identice, iar faptul ca doar trei antivirusi detecteaza fisierul respectiv este un motiv in plus de suspiciune si nu in minus. Virusul a fost descoperit doar de doua saptamani, este absolut evident ca nu are cum sa fie detectat de toti antivirusii, mai ales ca este un SPYWARE, si multi antivirusi nu detecteza din start acest tip de amenintari. Dar vad k v-ati aprins nu gluma. E si el roman si se joaka de-a hackeru`...poate reuseste cu unii... oricum aveam "pretentii" la softpedia.com. Atat timp cat nu iei nimik de la el ... esti ok :-) Papa nu mai primesc notificari. |
#32
Posted 03 September 2007 - 21:50
Hai sa mai asteptam o saptamana.Si sa rescanam pe acel site, o sa vedeti diferentele.Se intampla mereu;)
Asta e.A fost cu intentie sau nu, nu mai conteaza.Cine trebuie sa ia masuri, sa speram ca le ia.Pana una alta, succes in continuare. |
#33
Posted 03 September 2007 - 22:11
Alex.s, on Aug 31 2007, 19:52, said: Fi sigur ca am cautat pe GOOGLE, dar nu am vrut sa intru in polemica cu tine, dar daca tot insisti uite ce am gasit... Pentru intelegere deorece fisierele se numesc la fel, vom denumi fisierele in felul urmator: Fisierul upload-at de BLUEME il numim Fisier BlueMe. Fisierul Hidden Start (hstart) - NTWind Software il numim Fisier Original. Fisier Original: (imagine atasata) Denumire - hstart.exe Versiune - 1.2.0.0 Dimensiune - 9.39 KB (9,624 bytes) Companie - NTWind Software Semnatura digitala - This digital signature is OK Scanare BITDEFENDER - Status/ OK, nu s-a detectat niciun virus, (imagine atasata) Fisier BlueMe: (imagine atasata) Denumire - hstart.exe Versiune - 1.2.0.0 Dimensiune - 6.50 KB (6,656 bytes) Companie - Alexander Avdonin Semnatura digitala - NU EXISTA Scanare BITDEFENDER - Status/ Infectate: Trojan.Crypt.Cfi.BE (imagine atasata) Prima concluzie care se poate trage este ca fisierele nu sunt identice, nu corespunde decat denumirea si versiunea (aspecte care se pot modifica), concluzia finala va las sa o trage-ti singuri. Verifica-ti si voi. Asa ca "prietene" imaginile atasate vorbesc, o imagine face cat o mie de cuvinte. prietene, cele 2 executabile difera pentru ca cel de-al doilea a fost comprimat iar bitdefender-ul probabil nu stie sa decomprime executabilul de unde si fals pozitivul respectiv 2. Bitdefender este o gluma de antivirus. danip00, on Sep 1 2007, 22:42, said: Se pare ca logica ma face sa parasesc definitiv sectiunea "Windows" a forumului, avand in vedere incercarea deliberata a unui moderator de a raspandi un troian. Si ca sa nu para ca nu aduc dovezi mai spun ca un cunoscator de PC de o asemenea "valoare" nu poate fi infectat de un troian aparut de doua saptamani. concluzia mea este ca infectarea fisierului respectiv a fost deliberata. cyrusyhevirus, on Sep 3 2007, 12:09, said: BlueMe cum se face ca dai ban la user daca iti arata clar ca sunt doua versiuni diferite ? Este clar ca ori l-ai descarcat hstart de undeva si era modificat sau l-ai modificat tu. Mr. Billy, on Sep 3 2007, 18:57, said: Dar vad k v-ati aprins nu gluma. E si el roman si se joaka de-a hackeru`...poate reuseste cu unii... oricum aveam "pretentii" la softpedia.com. Atat timp cat nu iei nimik de la el ... esti ok :-) Papa nu mai primesc notificari. xploder, on Sep 3 2007, 22:50, said: Hai sa mai asteptam o saptamana.Si sa rescanam pe acel site, o sa vedeti diferentele.Se intampla mereu;) Asta e.A fost cu intentie sau nu, nu mai conteaza.Cine trebuie sa ia masuri, sa speram ca le ia.Pana una alta, succes in continuare. Antivirusi de renume nu spun nimic si s-a gasit Bitdefender cu Ikarus si Sunbelt sa gaseasca ceva. Edited by endless, 03 September 2007 - 23:00. |
|
#34
Posted 03 September 2007 - 23:02
endless, on Sep 3 2007, 23:11, said: prietene, cele 2 executabile difera pentru ca cel de-al doilea a fost comprimat iar bitdefender-ul probabil nu stie sa decomprime executabilul de unde si fals pozitivul respectiv 2. Bitdefender este o gluma de antivirus. Dar, TU stii cel mai bine, doar esti SuperModerator. Oricum, am parasit acest forum, crede-ma ca "logica ma obliga sa parasesc acest forum". Poate logica mea e proasta dar din punctul meu de vedere un moderator care face munca "benevola", adica se baga in seama, nu valoreaza mai mult ca "orisicare" angajat de la BitDefender. Asa ca, salutare taica si noroc. Nu mai primesc reply. p.s. - de fapt voi traiti din clik-urile noastre. |
#35
Posted 03 September 2007 - 23:20
Alex.s, on Sep 4 2007, 00:02, said: Prietene, scanarea s-a facut cu dupa dezarhivare si cred ca WinRAR stie mai bine. Dar, TU stii cel mai bine, doar esti SuperModerator. Oricum, am parasit acest forum, crede-ma ca "logica ma obliga sa parasesc acest forum". Poate logica mea e proasta dar din punctul meu de vedere un moderator care face munca "benevola", adica se baga in seama, nu valoreaza mai mult ca "orisicare" angajat de la BitDefender. Asa ca, salutare taica si noroc. Nu mai primesc reply. p.s. - de fapt voi traiti din clik-urile noastre. Nu stiu daca iti dai seama ce tampenii spui dar WinRAR nu are ce sa stie nimic ..cu atat mai mult sa stie mai bine decat ce ? Un antivirus dedicat ? Da, stiu mai bine dar nu pentru ca sunt SM ci pentru ca am cunostinte care tie iti lipsesc cu desavarsire ...nu ca ar fi rau, rau este doar ca te crezi destept cand nu este cazul. Nu ma intereseaza daca "mai primesti reply" sau nu, explicatiile sunt pentru cei care vor sa stie ceva. Tu daca vrei sa pleci, este doar treaba ta si nu, nu traim din click-uri ...forumul traieste ca sa poata aiuriti ca tine sa-si spuna parerea, chiar daca este gresita ... insa nu suntem obligati sa o acceptam, nu ? SI ca sa vezi ca nu gandesti si compari pur si simplu 2 versiuni diferite ale aceluiasi program : 1.Established to publish advanced software projects, NTWind Software is the brainchild of Alexander Avdonin. ..deci este facut de acelasi rus, prezent in executabilul lui BlueMe 2. Version History August 8, 2007 - Digitally signed executable February 2, 2007 - Added /WAIT and /HELP flags January 9, 2006 - Public release ...abia in 8 august anul acesta a fost semnat digital. Aditional... mai jos este fisierul in chestiune, dezasamblat ... nu trebuie sa ma crezi pe mine, intreaba pe cine vrei tu daca vede ceva dubios in el Disassembly of File: C:\Documents and Settings\Administrator\Desktop\ToggleNic\ToggleNic\hstart.exe Code Offset = 00000400, Code Size = 00000400 Data Offset = 00000000, Data Size = 00000000 Number of Objects = 0003 (dec), Imagebase = 00400000h Object01: .text RVA: 00001000 Offset: 00000400 Size: 00000400 Flags: 60000020 Object02: .rdata RVA: 00002000 Offset: 00000800 Size: 00000A00 Flags: 40000040 Object03: .rsrc RVA: 00003000 Offset: 00001200 Size: 00000800 Flags: 40000040 +++++++++++++++++++ MENU INFORMATION ++++++++++++++++++ There Are No Menu Resources in This Application +++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++ There Are No Dialog Resources in This Application +++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++ Number of Imported Modules = 3 (decimal) Import Module 001: KERNEL32.dll Import Module 002: USER32.dll Import Module 003: SHELL32.dll +++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++ Import Module 001: KERNEL32.dll Addr:00002718 hint(00AF) Name: ExitProcess Addr:00002726 hint(020C) Name: HeapFree Addr:00002732 hint(019B) Name: GetProcessHeap Addr:00002744 hint(0324) Name: SetPriorityClass Addr:00002758 hint(018D) Name: GetPriorityClass Addr:0000276C hint(0152) Name: GetExitCodeProcess Addr:00002782 hint(0383) Name: WaitForSingleObject Addr:00002798 hint(002E) Name: CloseHandle Addr:000027A6 hint(0063) Name: CreateProcessW Addr:000027B8 hint(03B4) Name: lstrcmpiW Addr:000027C4 hint(0109) Name: GetCommandLineW Import Module 002: USER32.dll Addr:000027F8 hint(01E5) Name: MessageBoxW Addr:000027E4 hint(02CD) Name: WaitForInputIdle Import Module 003: SHELL32.dll Addr:00002812 hint(0007) Name: CommandLineToArgvW +++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++ Number of Exported Functions = 0000 (decimal) +++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++ //********************** Start of Code in Object .text ************** Program Entry Point = 00401000 (C:\Documents and Settings\Administrator\Desktop\ToggleNic\ToggleNic\hstart.exe File Offset:00001800) //******************** Program Entry Point ******** :00401000 83EC74 sub esp, 00000074 :00401003 53 push ebx :00401004 55 push ebp :00401005 56 push esi :00401006 57 push edi :00401007 8D442418 lea eax, dword ptr [esp+18] :0040100B 50 push eax * Reference To: KERNEL32.GetCommandLineW, Ord:0109h | :0040100C FF1528204000 Call dword ptr [00402028] :00401012 50 push eax * Reference To: SHELL32.CommandLineToArgvW, Ord:0007h | :00401013 FF1530204000 Call dword ptr [00402030] :00401019 8B4C2418 mov ecx, dword ptr [esp+18] :0040101D 33D2 xor edx, edx :0040101F 8BD8 mov ebx, eax :00401021 33C0 xor eax, eax :00401023 BE01000000 mov esi, 00000001 :00401028 33ED xor ebp, ebp :0040102A 3BCE cmp ecx, esi :0040102C 89542414 mov dword ptr [esp+14], edx :00401030 89542424 mov dword ptr [esp+24], edx :00401034 89442410 mov dword ptr [esp+10], eax :00401038 89542420 mov dword ptr [esp+20], edx :0040103C 8954241C mov dword ptr [esp+1C], edx :00401040 0F8E9D010000 jle 004011E3 * Reference To: KERNEL32.lstrcmpiW, Ord:03B4h | :00401046 8B3D24204000 mov edi, dword ptr [00402024] :0040104C 8D642400 lea esp, dword ptr [esp] * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004011D7? | :00401050 8B04B3 mov eax, dword ptr [ebx+4*esi] :00401053 668B08 mov cx, word ptr [eax] :00401056 6683F92F cmp cx, 002F :0040105A 740A je 00401066 :0040105C 6683F92D cmp cx, 002D :00401060 0F856A010000 jne 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040105A? | :00401066 6870264000 push 00402670 :0040106B 83C002 add eax, 00000002 :0040106E 50 push eax :0040106F FFD7 call edi :00401071 85C0 test eax, eax :00401073 750D jne 00401082 :00401075 C744241000010000 mov [esp+10], 00000100 :0040107D E94E010000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401073? | :00401082 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :00401085 6864264000 push 00402664 :0040108A 83C102 add ecx, 00000002 :0040108D 51 push ecx :0040108E FFD7 call edi :00401090 85C0 test eax, eax :00401092 750D jne 004010A1 :00401094 C744241080000000 mov [esp+10], 00000080 :0040109C E92F010000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401092? | :004010A1 8B14B3 mov edx, dword ptr [ebx+4*esi] :004010A4 684C264000 push 0040264C :004010A9 83C202 add edx, 00000002 :004010AC 52 push edx :004010AD FFD7 call edi :004010AF 85C0 test eax, eax :004010B1 750D jne 004010C0 :004010B3 C744241000800000 mov [esp+10], 00008000 :004010BB E910010000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004010B1? | :004010C0 8B04B3 mov eax, dword ptr [ebx+4*esi] :004010C3 683C264000 push 0040263C :004010C8 83C002 add eax, 00000002 :004010CB 50 push eax :004010CC FFD7 call edi :004010CE 85C0 test eax, eax :004010D0 750D jne 004010DF :004010D2 C744241020000000 mov [esp+10], 00000020 :004010DA E9F1000000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004010D0? | :004010DF 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :004010E2 6824264000 push 00402624 :004010E7 83C102 add ecx, 00000002 :004010EA 51 push ecx :004010EB FFD7 call edi :004010ED 85C0 test eax, eax :004010EF 750D jne 004010FE :004010F1 C744241000400000 mov [esp+10], 00004000 :004010F9 E9D2000000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004010EF? | :004010FE 8B14B3 mov edx, dword ptr [ebx+4*esi] :00401101 6818264000 push 00402618 :00401106 83C202 add edx, 00000002 :00401109 52 push edx :0040110A FFD7 call edi :0040110C 85C0 test eax, eax :0040110E 750D jne 0040111D :00401110 C744241040000000 mov [esp+10], 00000040 :00401118 E9B3000000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040110E? | :0040111D 8B04B3 mov eax, dword ptr [ebx+4*esi] :00401120 6804264000 push 00402604 :00401125 83C002 add eax, 00000002 :00401128 50 push eax :00401129 FFD7 call edi :0040112B 85C0 test eax, eax :0040112D 750B jne 0040113A :0040112F 81CD00000008 or ebp, 08000000 :00401135 E996000000 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040112D? | :0040113A 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :0040113D 68F0254000 push 004025F0 :00401142 83C102 add ecx, 00000002 :00401145 51 push ecx :00401146 FFD7 call edi :00401148 85C0 test eax, eax :0040114A 750A jne 00401156 :0040114C C744241401000000 mov [esp+14], 00000001 :00401154 EB7A jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040114A? | :00401156 8B14B3 mov edx, dword ptr [ebx+4*esi] :00401159 68E4254000 push 004025E4 :0040115E 83C202 add edx, 00000002 :00401161 52 push edx :00401162 FFD7 call edi :00401164 85C0 test eax, eax :00401166 750A jne 00401172 :00401168 C744242401000000 mov [esp+24], 00000001 :00401170 EB5E jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401166? | :00401172 8B04B3 mov eax, dword ptr [ebx+4*esi] :00401175 668B4802 mov cx, word ptr [eax+02] :00401179 6683F944 cmp cx, 0044 :0040117D 8D5002 lea edx, dword ptr [eax+02] :00401180 7447 je 004011C9 :00401182 6683F964 cmp cx, 0064 :00401186 7507 jne 0040118F :00401188 668378043D cmp word ptr [eax+04], 003D :0040118D 743A je 004011C9 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401186? | :0040118F 68E0254000 push 004025E0 :00401194 52 push edx :00401195 FFD7 call edi :00401197 85C0 test eax, eax :00401199 7424 je 004011BF :0040119B 8B04B3 mov eax, dword ptr [ebx+4*esi] :0040119E 68D4254000 push 004025D4 :004011A3 83C002 add eax, 00000002 :004011A6 50 push eax :004011A7 FFD7 call edi :004011A9 85C0 test eax, eax :004011AB 7412 je 004011BF :004011AD 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :004011B0 68D0254000 push 004025D0 :004011B5 83C102 add ecx, 00000002 :004011B8 51 push ecx :004011B9 FFD7 call edi :004011BB 85C0 test eax, eax :004011BD 7511 jne 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:00401199?, :004011AB? | :004011BF C744241C01000000 mov [esp+1C], 00000001 :004011C7 EB07 jmp 004011D0 * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:00401180?, :0040118D? | :004011C9 83C006 add eax, 00000006 :004011CC 89442420 mov dword ptr [esp+20], eax * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:00401060?, :0040107D(U), :0040109C(U), :004010BB(U), :004010DA(U) |:004010F9(U), :00401118(U), :00401135(U), :00401154(U), :00401170(U) |:004011BD?, :004011C7(U) | :004011D0 8B4C2418 mov ecx, dword ptr [esp+18] :004011D4 46 inc esi :004011D5 3BF1 cmp esi, ecx :004011D7 0F8C73FEFFFF jl 00401050 :004011DD 8B442410 mov eax, dword ptr [esp+10] :004011E1 33D2 xor edx, edx * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401040? | :004011E3 8B742414 mov esi, dword ptr [esp+14] :004011E7 0BE8 or ebp, eax :004011E9 3BF2 cmp esi, edx :004011EB 896C242C mov dword ptr [esp+2C], ebp :004011EF 7408 je 004011F9 :004011F1 3BC2 cmp eax, edx :004011F3 7504 jne 004011F9 :004011F5 89542414 mov dword ptr [esp+14], edx * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:004011EF?, :004011F3? | :004011F9 3954241C cmp dword ptr [esp+1C], edx :004011FD 7505 jne 00401204 :004011FF 83F901 cmp ecx, 00000001 :00401202 7516 jne 0040121A * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004011FD? | :00401204 6840000500 push 00050040 :00401209 68A4254000 push 004025A4 :0040120E 6878204000 push 00402078 :00401213 52 push edx * Reference To: USER32.MessageBoxW, Ord:01E5h | :00401214 FF1538204000 Call dword ptr [00402038] * Referenced by a (U)nconditional or ?onditional Jump at Address: |:00401202? | :0040121A 33C0 xor eax, eax :0040121C B910000000 mov ecx, 00000010 :00401221 8D7C2444 lea edi, dword ptr [esp+44] :00401225 C744244044000000 mov [esp+40], 00000044 :0040122D F3 repz :0040122E AB stosd :0040122F 89442428 mov dword ptr [esp+28], eax :00401233 8B442418 mov eax, dword ptr [esp+18] :00401237 BE01000000 mov esi, 00000001 :0040123C 3BC6 cmp eax, esi :0040123E 0F8EFC000000 jle 00401340 * Reference To: KERNEL32.CreateProcessW, Ord:0063h | :00401244 8B3D20204000 mov edi, dword ptr [00402020] * Reference To: KERNEL32.CloseHandle, Ord:002Eh | :0040124A 8B2D1C204000 mov ebp, dword ptr [0040201C] * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040133A? | :00401250 8B04B3 mov eax, dword ptr [ebx+4*esi] :00401253 668B08 mov cx, word ptr [eax] :00401256 6683F92F cmp cx, 002F :0040125A 0F84D3000000 je 00401333 :00401260 6683F92D cmp cx, 002D :00401264 0F84C9000000 je 00401333 :0040126A 8D542430 lea edx, dword ptr [esp+30] :0040126E 52 push edx :0040126F 8B542424 mov edx, dword ptr [esp+24] :00401273 8D4C2444 lea ecx, dword ptr [esp+44] :00401277 51 push ecx :00401278 8B4C2434 mov ecx, dword ptr [esp+34] :0040127C 52 push edx :0040127D 6A00 push 00000000 :0040127F 51 push ecx :00401280 6A00 push 00000000 :00401282 6A00 push 00000000 :00401284 6A00 push 00000000 :00401286 50 push eax :00401287 6A00 push 00000000 :00401289 FFD7 call edi :0040128B 85C0 test eax, eax :0040128D 0F848A000000 je 0040131D :00401293 8B542434 mov edx, dword ptr [esp+34] :00401297 52 push edx :00401298 FFD5 call ebp :0040129A 8B442424 mov eax, dword ptr [esp+24] :0040129E 85C0 test eax, eax :004012A0 743E je 004012E0 :004012A2 8B442430 mov eax, dword ptr [esp+30] :004012A6 6AFF push FFFFFFFF :004012A8 50 push eax * Reference To: KERNEL32.WaitForSingleObject, Ord:0383h | :004012A9 FF1518204000 Call dword ptr [00402018] :004012AF 8B542430 mov edx, dword ptr [esp+30] :004012B3 8D4C241C lea ecx, dword ptr [esp+1C] :004012B7 51 push ecx :004012B8 52 push edx :004012B9 C744242400000000 mov [esp+24], 00000000 * Reference To: KERNEL32.GetExitCodeProcess, Ord:0152h | :004012C1 FF1514204000 Call dword ptr [00402014] :004012C7 85C0 test eax, eax :004012C9 7449 je 00401314 :004012CB 8B44241C mov eax, dword ptr [esp+1C] :004012CF 85C0 test eax, eax :004012D1 7441 je 00401314 :004012D3 89442428 mov dword ptr [esp+28], eax :004012D7 8B442430 mov eax, dword ptr [esp+30] :004012DB 50 push eax :004012DC FFD5 call ebp :004012DE EB53 jmp 00401333 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:004012A0? | :004012E0 8B442414 mov eax, dword ptr [esp+14] :004012E4 85C0 test eax, eax :004012E6 742C je 00401314 :004012E8 8B442430 mov eax, dword ptr [esp+30] :004012EC 6AFF push FFFFFFFF :004012EE 50 push eax * Reference To: USER32.WaitForInputIdle, Ord:02CDh | :004012EF FF153C204000 Call dword ptr [0040203C] :004012F5 8B4C2430 mov ecx, dword ptr [esp+30] :004012F9 51 push ecx * Reference To: KERNEL32.GetPriorityClass, Ord:018Dh | :004012FA FF1510204000 Call dword ptr [00402010] :00401300 8B4C2410 mov ecx, dword ptr [esp+10] :00401304 3BC1 cmp eax, ecx :00401306 740C je 00401314 :00401308 8B542430 mov edx, dword ptr [esp+30] :0040130C 51 push ecx :0040130D 52 push edx * Reference To: KERNEL32.SetPriorityClass, Ord:0324h | :0040130E FF150C204000 Call dword ptr [0040200C] * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:004012C9?, :004012D1?, :004012E6?, :00401306? | :00401314 8B442430 mov eax, dword ptr [esp+30] :00401318 50 push eax :00401319 FFD5 call ebp :0040131B EB16 jmp 00401333 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040128D? | :0040131D 8B0CB3 mov ecx, dword ptr [ebx+4*esi] :00401320 6810000500 push 00050010 :00401325 6848204000 push 00402048 :0040132A 51 push ecx :0040132B 6A00 push 00000000 * Reference To: USER32.MessageBoxW, Ord:01E5h | :0040132D FF1538204000 Call dword ptr [00402038] * Referenced by a (U)nconditional or ?onditional Jump at Addresses: |:0040125A?, :00401264?, :004012DE(U), :0040131B(U) | :00401333 8B442418 mov eax, dword ptr [esp+18] :00401337 46 inc esi :00401338 3BF0 cmp esi, eax :0040133A 0F8C10FFFFFF jl 00401250 * Referenced by a (U)nconditional or ?onditional Jump at Address: |:0040123E? | :00401340 53 push ebx :00401341 6A00 push 00000000 * Reference To: KERNEL32.GetProcessHeap, Ord:019Bh | :00401343 FF1508204000 Call dword ptr [00402008] :00401349 50 push eax * Reference To: KERNEL32.HeapFree, Ord:020Ch | :0040134A FF1504204000 Call dword ptr [00402004] :00401350 8B542428 mov edx, dword ptr [esp+28] :00401354 52 push edx * Reference To: KERNEL32.ExitProcess, Ord:00AFh | :00401355 FF1500204000 Call dword ptr [00402000] :0040135B 5F pop edi :0040135C 5E pop esi :0040135D 5D pop ebp :0040135E 5B pop ebx :0040135F 00000000000000000000 BYTE 10 DUP(0) :00401369 00000000000000000000 BYTE 10 DUP(0) :00401373 00000000000000000000 BYTE 10 DUP(0) :0040137D 00000000000000000000 BYTE 10 DUP(0) :00401387 00000000000000000000 BYTE 10 DUP(0) :00401391 00000000000000000000 BYTE 10 DUP(0) :0040139B 00000000000000000000 BYTE 10 DUP(0) :004013A5 00000000000000000000 BYTE 10 DUP(0) :004013AF 00000000000000000000 BYTE 10 DUP(0) :004013B9 00000000000000000000 BYTE 10 DUP(0) :004013C3 00000000000000000000 BYTE 10 DUP(0) :004013CD 00000000000000000000 BYTE 10 DUP(0) :004013D7 00000000000000000000 BYTE 10 DUP(0) :004013E1 00000000000000000000 BYTE 10 DUP(0) :004013EB 00000000000000000000 BYTE 10 DUP(0) :004013F5 00000000000000000000 BYTE 10 DUP(0) :004013FF 00182700002627000032 BYTE 10 DUP(0) :FFFFFFFF End Of Listing Edited by endless, 03 September 2007 - 23:29. |
#36
Posted 03 September 2007 - 23:53
Revenind la ce ai doreai initial ... daca folosesti Vista Home Premium/Ultimate ai parental controls. Pe XP programul de aici merge bine http://www.sentrypc.com/sentrypc.
|
Anunturi
▶ 1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users