Author Topic: RK ANALYSE (Read 15283 times)

Casek · « **on:** February 28, 2014, 12:24:26 PM »

Hello,

is my PC infected? THANK YOU!

RogueKiller V8.8.9 [Feb 24 2014] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : http://forum.adlice.com
Webseite : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestartet in : Normaler Modus
Benutzer : User [Admin Rechte]
Funktion : Scannen -- Datum : 02/28/2014 12:09:20
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 2 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{526B48FD-6490-41F6-8300-59C5E1917D81} : NameServer (62.109.121.1 62.109.121.2 [GERMANY (DE) - GERMANY (DE)]) -> GEFUNDEN
[DNS][PUM] HKLM\[...]\CS001\[...]\{526B48FD-6490-41F6-8300-59C5E1917D81} : NameServer (62.109.121.1 62.109.121.2 [GERMANY (DE) - GERMANY (DE)]) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [GELADEN] ¤¤¤
[Address] SSDT[22] : NtAlpcConnectPort @ 0x82EBE59E -> HOOKED (Unknown @ 0x86C77008)
[Address] SSDT[155] : NtLoadDriver @ 0x82E0EC40 -> HOOKED (Unknown @ 0x86C77F90)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86B07A68)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x884BC0D0)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88208DD8)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x875BB5C8)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x885762D0)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x875BA5F8)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88576D20)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x88371890)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x884F20B0)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x884BF0B0)

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion : ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] b74539dd89053693484dc2e42fa8c912
[BSP] ede3d597197f644a295c29636bf380d8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_02282014_120920.txt >>
RKreport[0]_D_02272014_151117.txt;RKreport[0]_S_02272014_150650.txt

Tigzy · « **Reply #1 on:** March 01, 2014, 12:20:38 PM »

Hello

Quote

[DNS][PUM] HKLM\[...]\CCSet\[...]\{526B48FD-6490-41F6-8300-59C5E1917D81} : NameServer (62.109.121.1 62.109.121.2 [GERMANY (DE) - GERMANY (DE)]) -> GEFUNDEN
[DNS][PUM] HKLM\[...]\CS001\[...]\{526B48FD-6490-41F6-8300-59C5E1917D81} : NameServer (62.109.121.1 62.109.121.2 [GERMANY (DE) - GERMANY (DE)]) -> GEFUNDEN

If you're in Germany (I can assume this if I believe the language displayed by RogueKiller), then I'd say no, you're not.
Your DNS are probably pointing to your internet access provider.

Casek · « **Reply #2 on:** March 02, 2014, 05:17:44 PM »

Thank you!!

Casek · « **Reply #3 on:** March 23, 2014, 04:41:03 PM »

and what is this? NSA?

[Address] SSDT[22] : NtAlpcConnectPort @ 0x82EBE59E -> HOOKED (Unknown @ 0x86C77008)
[Address] SSDT[155] : NtLoadDriver @ 0x82E0EC40 -> HOOKED (Unknown @ 0x86C77F90)
[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86B07A68)
[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x884BC0D0)
[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88208DD8)
[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x875BB5C8)
[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x885762D0)
[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x875BA5F8)
[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88576D20)
[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x88371890)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x884F20B0)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x884BF0B0)

Tigzy · « **Reply #4 on:** March 24, 2014, 07:35:14 AM »

No

Probably your antivirus or, an old antivirus.

Casek · « **Reply #5 on:** March 24, 2014, 04:53:11 PM »

:)THANK YOU!!!

Casek · « **Reply #6 on:** April 09, 2014, 04:40:43 PM »

Hi Tigzy,

here is something new in the report:

(> engl.: "driver"

¤¤¤ "Treiber" : [GELADEN] ¤¤¤

[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C109AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C049A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C30731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C06395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C108ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C094AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C06A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C335E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C053E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C051BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C04EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C063E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C306CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C04BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C104BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C105DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C07C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C323B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C086E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C106E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C13611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C139D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C322E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C33172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C329C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C02D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C11081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C13CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C02E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C060AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C085B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C073D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C33296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3068D)
[Address] EAT @explorer.exe (DllGetClassObject) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379CF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\

Casek · « **Reply #7 on:** April 09, 2014, 04:41:45 PM »

here the rest:

system32\WindowsCodecs.dll @ 0x7379D8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxŒ(ˆð–×ø"ÿÿÿÿü–×tDû) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379EB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379D217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379E1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : xmllite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x7379DD99)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C109AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C049A1)
OOKED (C:\Windows\system32\napinsp.dll @ 0x735C1D20)

Casek · « **Reply #8 on:** April 09, 2014, 04:42:14 PM »

the rest (part III)

[Address] EAT @firefox.exe (BeginPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C30731)
[Address] EAT @firefox.exe (BufferedPaintClear) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C06395)
[Address] EAT @firefox.exe (BufferedPaintInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C108ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1E6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1D395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C094AB)
[Address] EAT @firefox.exe (CloseThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C06A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1D9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C335E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C053E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C051BF)
[Address] EAT @firefox.exe (DrawThemeText) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C04EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C063E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0FCAF)
[Address] EAT @firefox.exe (EnableTheming) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C03F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C306CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C04BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C104BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C105DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0CD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0BF93)
[Address] EAT @firefox.exe (GetThemeBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C07C1F)
[Address] EAT @firefox.exe (GetThemeColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @firefox.exe (GetThemeFilename) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32412)
[Address] EAT @firefox.exe (GetThemeFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0FF21)
[Address] EAT @firefox.exe (GetThemeInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0616C)
[Address] EAT @firefox.exe (GetThemeIntList) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C323B1)
[Address] EAT @firefox.exe (GetThemeMargins) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C086E9)
[Address] EAT @firefox.exe (GetThemeMetric) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C106E2)
[Address] EAT @firefox.exe (GetThemePartSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0CDB1)
[Address] EAT @firefox.exe (GetThemePosition) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23FBB)
[Address] EAT @firefox.exe (GetThemeRect) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C13611)
[Address] EAT @firefox.exe (GetThemeStream) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C139D9)
[Address] EAT @firefox.exe (GetThemeString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C322E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C33172)
[Address] EAT @firefox.exe (GetThemeSysColor) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C329C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3320B)
[Address] EAT @firefox.exe (GetThemeSysString) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C32B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C02D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C11081)
[Address] EAT @firefox.exe (GetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0DF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C13CE3)
[Address] EAT @firefox.exe (IsAppThemed) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F869)
[Address] EAT @firefox.exe (IsCompositionActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C02E9A)
[Address] EAT @firefox.exe (IsThemeActive) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0F785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C060AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C085B4)
[Address] EAT @firefox.exe (OpenThemeData) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C073D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C23D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C33296)
[Address] EAT @firefox.exe (SetWindowTheme) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C10134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C1CFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C0B176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : propsys.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73C3068D)
[Address] EAT @firefox.exe (DllMain) : AVRT.dll -> HOOKED (C:\Windows\system32\napinsp.dll @ 0x735C16E4)
[Address] EAT @firefox.exe (NSPStartup) : AVRT.dll -> H

Tigzy · « **Reply #9 on:** April 14, 2014, 08:37:10 AM »

Yep, that's already taken in account.
For next release.

Casek · « **Reply #10 on:** April 17, 2014, 04:01:38 PM »

:)cool, thank you!!!

Casek · « **Reply #11 on:** May 30, 2014, 10:48:09 PM »

Hi Tigzy,

now there is the next release.

But in the colour red after new release still it says:

¤¤¤ Antirootkit : 42 ¤¤¤
[SSDT:Addr] NtAlertResumeThread[13] : Unknown @ 0x8738a9e0
[SSDT:Addr] NtAlertThread[14] : Unknown @ 0x8738aa78
[SSDT:Addr] NtAllocateVirtualMemory[19] : Unknown @ 0x8737c290
[SSDT:Addr] NtAlpcConnectPort[22] : Unknown @ 0x86b19910
[SSDT:Addr] NtAssignProcessToJobObject[43] : Unknown @ 0x8738a458
[SSDT:Addr] NtCreateMutant[74] : Unknown @ 0x8738a808
[SSDT:Addr] NtCreateSymbolicLinkObject[86] : Unknown @ 0x87383aa8
[SSDT:Addr] NtCreateThread[87] : Unknown @ 0x8737c990
[SSDT:Addr] NtCreateThreadEx[88] : Unknown @ 0x87383b50
[SSDT:Addr] NtDebugActiveProcess[96] : Unknown @ 0x8738a4f0
[SSDT:Addr] NtDuplicateObject[111] : Unknown @ 0x87382840
[SSDT:Addr] NtFreeVirtualMemory[131] : Unknown @ 0x873821c0
[SSDT:Addr] NtImpersonateAnonymousToken[145] : Unknown @ 0x8738a8b0
[SSDT:Addr] NtImpersonateThread[147] : Unknown @ 0x8738a948
[SSDT:Addr] NtLoadDriver[155] : Unknown @ 0x86c563b8
[SSDT:Addr] NtMapViewOfSection[168] : Unknown @ 0x87389500
[SSDT:Addr] NtOpenEvent[177] : Unknown @ 0x8738a770
[SSDT:Addr] unknown[190] : Unknown @ 0x86d39868
[SSDT:Addr] NtOpenProcessToken[191] : Unknown @ 0x873827e8
[SSDT:Addr] NtOpenSection[194] : Unknown @ 0x8738a640
[SSDT:Addr] NtOpenThread[198] : Unknown @ 0x87384e38
[SSDT:Addr] NtProtectVirtualMemory[215] : Unknown @ 0x87383c08
[SSDT:Addr] NtResumeThread[304] : Unknown @ 0x8738ab10
[SSDT:Addr] unknown[316] : Unknown @ 0x873882f8
[SSDT:Addr] NtSetInformationProcess[333] : Unknown @ 0x87388370
[SSDT:Addr] NtSetSystemInformation[350] : Unknown @ 0x8738a588
[SSDT:Addr] NtSuspendProcess[366] : Unknown @ 0x8738a6d8
[SSDT:Addr] NtSuspendThread[367] : Unknown @ 0x8738ab88
[SSDT:Addr] NtTerminateProcess[370] : Unknown @ 0x8737de00
[SSDT:Addr] unknown[371] : Unknown @ 0x87388260
[SSDT:Addr] NtUnmapViewOfSection[385] : Unknown @ 0x87389488
[SSDT:Addr] NtWriteVirtualMemory[399] : Unknown @ 0x8737d948
[ShwSSDT:Addr] NtUserAttachThreadInput[318] : Unknown @ 0x87c9cc80
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : Unknown @ 0x88642070
[ShwSSDT:Addr] NtUserGetKeyboardState[434] : Unknown @ 0x879cf0d8
[ShwSSDT:Addr] NtUserGetKeyState[436] : Unknown @ 0x877b4340
[ShwSSDT:Addr] NtUserGetRawInputData[448] : Unknown @ 0x8784e4d8
[ShwSSDT:Addr] NtUserMessageCall[490] : Unknown @ 0x87cf12f8
[ShwSSDT:Addr] NtUserPostMessage[508] : Unknown @ 0x87d43d70
[ShwSSDT:Addr] NtUserPostThreadMessage[509] : Unknown @ 0x88624610
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : Unknown @ 0x8784e700
[ShwSSDT:Addr] NtUserSetWinEventHook[588] : Unknown @ 0x87c23390

Tigzy · « **Reply #12 on:** May 31, 2014, 08:49:03 AM »

Same as above, when it's unknown we can't decide.
I'll probably switch to Orange for unknown modules

Casek · « **Reply #13 on:** May 31, 2014, 10:47:10 AM »

Thank you Tigzy! ..... mh, unknown...

Author Topic: RK ANALYSE (Read 15283 times)

Casek

RK ANALYSE

Tigzy

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Tigzy

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Tigzy

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Casek

Re: RK ANALYSE

Tigzy

Re: RK ANALYSE

Casek

Re: RK ANALYSE