Bug Report

date/time
: 2012-02-11, 11:48:08, 102ms

computer name
: FANIEEEPC
user name
: fani <admin>
registered owner : fani
operating system : Windows 7 Service Pack 1 build 7601
system language : Indonesian
system up time
: 1 hour 16 minutes
program up time : 1 hour 16 minutes
processors
: 4x Intel(R) Atom(TM) CPU 330 @ 1.60GHz
physical memory : 49/767 MB (free/total)
free disk space : (C:) 21,74 GB
display mode
: 1366x768, 32 bit
process id
: $5fc
allocated memory : 294,78 MB
command line
: C:\PCMAV-6.2\PCMAV.exe /RTP
executable
: PCMAV.exe
exec. date/time : 2011-11-08 13:26
version
: 6.2.0.0
compiled with
: Delphi 2006/07
madExcept version : 3.0n
PCMAV.exe.mad
: $000270c8, $32fc3f68, $d01a3045
callstack crc
: $e1019b67, $51554a1c, $51554a1c
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 005B7254 in module 'PCMAV.exe'.
Read of address 000003A8.
thread $7b4:
005b7254 +34 PCMAV.exe
00455385 +0d PCMAV.exe
004553ef +37 PCMAV.exe
768e3c43 +10 kernel32.dll
>> created by thread $d1c
768e3778 +1b kernel32.dll
main thread ($804):
76fc66c7 +00a USER32.dll
004c7e71 +12d PCMAV.exe
004c7243 +017 PCMAV.exe
004c7547 +0b3 PCMAV.exe
00692305 +1c9 PCMAV.exe
segment%209 public%10668
BaseThreadInitThunk
at:
CreateThread
segment%59
segment%59
segment%59
segment%427
thread $cec (TgtTimerThread):

77466a22 +0a ntdll.dll
75611796 +66 KERNELBASE.dll
768dbaee +3e kernel32.dll
768dba9d +0d kernel32.dll
004d484b +13 PCMAV.exe
segment%65
004554a3 +2b PCMAV.exe
segment%23
00477140 +34 PCMAV.exe
segment%31
004056f4 +28 PCMAV.exe
segment%0
segment%23
segment%23
>> created by main thread ($804) at:
00405754 +50 PCMAV.exe
segment%0
WaitMessage
public%6047
public%6027
public%6032
public%13315
BaseThreadInitThunk
NtWaitForSingleObject
WaitForSingleObjectEx
WaitForSingleObject
public%6344
public%2362
public%3446
public%250
public%2360
public%2361
BaseThreadInitThunk
public%251
thread $cf0 (TWndProc): <suspended>

00405754 +50 PCMAV.exe segment%0 public%251
thread $cfc:
NtWaitForMultipleObjects
768e3c43 +10 kernel32.dll BaseThreadInitThunk
thread $d18:
77466422 +0a ntdll.dll
005b766c +30 PCMAV.exe
>> created by thread $d10
NtReplyWaitReceivePort
BaseThreadInitThunk
at:
CreateThread
thread $d1c: <priority:1>

005b72ee +12 PCMAV.exe
segment%209
segment%23
segment%23
>> created by thread $d10 at:
WaitForSingleObject
public%10669
public%2360
public%2361
BaseThreadInitThunk
CreateThread
thread $d38 (TgtTimerThread):

segment%65
segment%23
00477140 +34 PCMAV.exe
segment%31
segment%0
segment%23
segment%23
00405754 +50 PCMAV.exe
segment%0
WaitForSingleObject
public%6344
public%2362
public%3446
public%250
public%2360
public%2361
BaseThreadInitThunk
thread $f18:
segment%23
segment%23
>> created by thread $cf4 at:
public%2360
public%2361
BaseThreadInitThunk
thread $f20:
774657d2 +0a ntdll.dll
75611870 +4f KERNELBASE.dll
75611813 +0a KERNELBASE.dll
segment%23
segment%23
>> created by thread $f1c at:
NtDelayExecution
SleepEx
Sleep
public%2360
public%2361
BaseThreadInitThunk
public%251
CreateThread
CreateThread
thread $950 (TRegMonitorThread):

segment%289
segment%23
00477140 +34 PCMAV.exe
segment%31
segment%0
segment%23
segment%23
00405754 +50 PCMAV.exe
segment%0
WaitForSingleObject
public%13029
public%2362
public%3446
public%250
public%2360
public%2361
BaseThreadInitThunk
thread $9e8 (TRegMonitorThread):

segment%289
segment%23
00477140 +34 PCMAV.exe
segment%31
segment%0
segment%23
segment%23
00405754 +50 PCMAV.exe
segment%0
WaitForSingleObject
public%13029
public%2362
public%3446
public%250
public%2360
public%2361
BaseThreadInitThunk
public%251
public%251
thread $a6c:
756169d6 +0000 KERNELBASE.dll
WaitForMultipleObjectsEx
768dbc89 +0089 kernel32.dll
76fc62f3 +7f8a USER32.dll
MsgWaitForMultipleObjectsEx
76fc37f2 +001a USER32.dll
MsgWaitForMultipleObjects
00455385 +000d PCMAV.exe
BaseThreadInitThunk
>> created by thread $9b8 at:
CreateThread
thread $eec:
77466422 +0a ntdll.dll
005b766c +30 PCMAV.exe
>> created by thread $9b8
thread $ea8:
77466a22 +0a
75611796 +66
768dbaee +3e
768dba9d +0d
005b72ee +12
00455385 +0d
004553ef +37
BaseThreadInitThunk
at:
CreateThread
<priority:1>
ntdll.dll
KERNELBASE.dll
kernel32.dll
kernel32.dll
WaitForSingleObject
PCMAV.exe
PCMAV.exe
PCMAV.exe

BaseThreadInitThunk
CreateThread
thread $f00 (TgtTimerThread):

segment%65
segment%23
00477140 +34 PCMAV.exe
segment%31
segment%0
segment%23
segment%23
00405754 +50 PCMAV.exe
segment%0
WaitForSingleObject
public%6344
public%2362
public%3446
public%250
public%2360
public%2361
BaseThreadInitThunk
public%251
thread $f30:
76fcce0e +26 USER32.dll
GetMessageW
BaseThreadInitThunk
>> created by thread $4d4 at:
CreateThread
thread $2c8:
segment%209
segment%23
segment%23
>> created by thread $d1c at:
WaitForSingleObject
public%10668
public%2360
public%2361
BaseThreadInitThunk
CreateThread
thread $de4:
NtWaitForWorkViaWorkerFactory
thread $93c:
thread $cd0:
thread $4dc:
processes:
000 Idle
004 System
0f8 smss.exe
154 csrss.exe
0
0
0
0
0
0
0
0
0
0
0
0
normal
normal
C:\Windows\system32
C:\Windows\system32
1a0 wininit.exe
0 0 0 high
1a8 csrss.exe
1 174 78 normal
1d0 services.exe
0 0 0 normal
1e0 lsass.exe
0 0 0 normal
1e8 lsm.exe
0 0 0 normal
254 svchost.exe
0 0 0 normal
2ac svchost.exe
0 0 0 normal
2ec svchost.exe
0 0 0 normal
30c svchost.exe
0 0 0 normal
32c winlogon.exe
1 6 0 high
34c svchost.exe
0 0 0 normal
410 svchost.exe
0 0 0 normal
484 svchost.exe
0 0 0 normal
4f0 svchost.exe
0 0 0 normal
538 AvastSvc.exe
0 0 0 normal
Avast5
6cc spoolsv.exe
0 0 0 normal
734 RTPSvc.exe
0 0 0 normal
760 svchost.exe
0 0 0 normal
140 svchost.exe
0 0 0 normal
5e4 taskhost.exe
1 26 19 normal
5f0 taskeng.exe
1 10 3 normal
580 Dwm.exe
1 19 2 high
5fc PCMAV.exe
1 226 167 below normal
818 Explorer.EXE
1 575 380 normal
908 AvastUI.exe
1 60 13 normal
Avast5
914 jusched.exe
1 9 2 normal
va\Java Update
924 IDMan.exe
1 116 68 normal
ad Manager
a24 IEMonitor.exe
1 18 16 normal
ad Manager
a78 SearchIndexer.exe
0 0 0 normal
ae0 wmpnetwk.exe
0 0 0 normal
layer
b54 svchost.exe
0 0 0 normal
d40 firefox.exe
1 470 78 normal
5bc svchost.exe
0 0 0 normal
944 plugin-container.exe 1 35 52 normal
29c OSPPSVC.EXE
0 0 0 normal
crosoft Shared\OfficeSoftwareProtectionPlatform
bac audiodg.exe
0 0 0
43c WINWORD.EXE
1 234 72 normal
e\Office14
8ec KaraFunPlayer.exe
1 234 103 normal
\programs\KaraFun Player
cpu
eax
ebx
ecx
edx
esi
edi
eip
esp
ebp
registers:
= 00000388
= 16d82170
= 756117c4
= 774670b4
= 00000388
= 002ed9c4
= 005b7254
= 187aff2c
= 187aff40
stack dump:
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\System32
C:\Windows\System32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Program Files\Alwil Software\
C:\Windows\System32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\Windows\system32
C:\PCMAV-6.2
C:\Windows
C:\Program Files\Alwil Software\
C:\Program Files\Common Files\Ja
C:\Program Files\Internet Downlo
C:\Program Files\Internet Downlo
C:\Windows\system32
C:\Program Files\Windows Media P
C:\Windows\system32
C:\Program Files\Mozilla Firefox
C:\Windows\System32
C:\Program Files\Mozilla Firefox
C:\Program Files\Common Files\Mi
C:\Program Files\Microsoft Offic
D:\fani'sdocuments\Downloads\idm
187aff2c
187aff3c
187aff4c
187aff5c
187aff6c
187aff7c
187aff8c
187aff9c
187affac
187affbc
187affcc
187affdc
187affec
187afffc
00
00
20
70
c4
00
45
90
90
a0
bb
b8
00
00
00
00
72
21
ff
00
3c
85
85
ff
fc
53
00
00
00
00
5b
d8
7a
00
8e
da
da
7a
08
45
00
00
00
00
00
16
18
00
76
01
01
18
00
00
00
00
70
50
88
6c
65
90
90
17
00
00
00
90
00
21
ff
ff
ff
54
85
85
11
00
00
00
85
00
d8
7a
7a
7a
45
da
da
35
00
00
00
da
00
16
18
18
18
00
01
01
6f
00
00
00
01
00
4c
87
f4
a0
88
ff
d4
00
00
ff
ec
00
b8
ff
53
53
4d
ff
ff
ff
00
00
ff
ff
00
53
7a
45
45
40
7a
ff
7a
00
00
ff
7a
00
45
18
00
00
00
18
ff
18
00
00
ff
18
00
00
88
70
20
88
00
94
f5
00
00
ed
c8
00
90
d9
21
72
ff
00
ff
37
00
00
e0
37
00
85
2e
d8
5b
7a
00
7a
48
00
00
43
48
00
da
00
16
00
18
00
18
77
00
00
77
77
00
01
....p!..L.z.....
....P.z..SE.p!..
.r[...z..SE..r[.
p!..l.z..M@...z.
..z.eTE...z.....
..............z.
E<.v......z..7Hw
......5o........
................
..z...........Cw
..........z..7Hw
.SE.............
.........SE.....
....
disassembling:
005b7220 public segment%209.public%10668 (PCMAV.exe): ; function entry point
005b7220 push
ebp
005b7221 mov
ebp, esp
005b7223 add
esp, -8
005b7226 push
ebx
005b7227 push
esi
005b7228 push
edi
005b7229 mov
ebx, [ebp+8]
005b722c xor
eax, eax
005b722e mov
[ebp-4], eax
005b722c
005b7231 loc_5b7231:
005b7231 push
$ffffffff
005b7233 mov
eax, [ebx+8]
005b7236 push
eax
005b7237 call
-$1ae858 ($4089e4)
; segment%3.public%696 (PCMAV.exe)
005b7237
005b723c test
eax, eax
005b723e jnz
loc_5b72ce
005b723e
005b7244 cmp
dword ptr [ebx+$c], 0
005b7248 jz
loc_5b72ce
005b7248
005b724e mov
eax, [ebx+$c]
005b7251 mov
esi, [ebx+$c]
005b7254 > add
eax, [esi+$20]
005b7257 mov
edi, eax
005b7259 mov
eax, [esi+$14]
005b725c push
eax
005b725d mov
eax, [esi+$10]
005b7260 push
eax
005b7261 mov
eax, [edi+4]
005b7264 push
eax
005b7265 lea
eax, [edi+$14]
005b7268 push
eax
005b7269 mov
eax, [esi+4]
005b726c call
-$1b1645 ($405c2c)
005b726c
005b7271 push
eax
005b7272 call
dword ptr [esi+8]
005b7272
005b7275 mov
eax, [ebx+$c]
005b7278 cmp
dword ptr [eax+$14], 0
005b727c jz
loc_5b7295
005b727c
005b727e mov
eax, [ebx+$c]
005b7281 mov
eax, [eax+$1c]
005b7284 push
eax
005b7285 call
-$1ae9ae ($4088dc)
005b7285
005b728a mov
eax, [ebx+$c]
005b728d add
eax, $c
005b7290 call
-$779 ($5b6b1c)
005b7290
005b7295 loc_5b7295:
005b7295 call
-$1aebee ($4086ac)
005b7295
005b729a mov
[ebx+$10], eax
005b729d mov
eax, [ebx+$c]
005b72a0 add
eax, 4
005b72a3 call
-$1b1b28 ($405780)
005b72a3
005b72a8 mov
eax, [ebx+$c]
005b72ab mov
[ebp-8], eax
005b72ae xor
eax, eax
005b72b0 mov
[ebx+$c], eax
005b72b3 mov
eax, [ebp-8]
005b72b6 push
eax
005b72b7 call
-$1aeb08 ($4087b4)
005b72b7
005b72bc push
0
005b72be push
1
005b72c0 mov
eax, [ebx+4]
005b72c3 push
eax
005b72c4 call
-$1aea2d ($40889c)
005b72c4
005b72c9 jmp
loc_5b7231
005b72c9
005b72c9 ; --------------------------------------------------------005b72c9
005b72ce loc_5b72ce:
005b72ce mov
eax, [ebp-4]
005b72d1 pop
edi
005b72d2 pop
esi
005b72d3 pop
ebx
005b72d4 pop
ecx
005b72d5 pop
ecx
005b72d6 pop
ebp
005b72d7 ret
4
date/time
computer name
user name
registered owner
operating system
system language
system up time
program up time
processors
physical memory
free disk space
display mode
process id
allocated memory
:
:
:
:
:
:
:
:
:
:
:
:
:
:
2012-04-22, 19:32:56, 15ms

USER-HP
user <admin>
Microsoft / Microsoft
Windows 7 x64 Service Pack 1 build 7601
English
44 minutes 9 seconds
33 minutes 20 seconds
4x Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
661/1996 MB (free/total)
(C:) 32,31 GB
1366x768, 32 bit
$1770
312,96 MB
executable
exec. date/time
version
compiled with
madExcept version
PCMAV.exe.mad
callstack crc
exception number
exception class
exception message
:
:
:
:
:
:
:
:
:
:
PCMAV.exe
2012-03-16 15:25
7.0.61078.27766
Delphi XE2
3.0n
$0003bfbc, $432a4070, $55f9b2f8
$065e902e, $87ed5727, $87ed5727
1
EOutOfMemory
Out of memory.
thread $1708 (TAutoScanRD):

065e902e +000 pcmavcore.dll
0673c44d +071 pcmavcore.dll
007c0cef +147 PCMAV.exe
segment%165
007c0f8b +02b PCMAV.exe
segment%165
004bc4c3 +02b PCMAV.exe
segment%36
00483662 +042 PCMAV.exe
segment%30
00408520 +028 PCMAV.exe
segment%0
004bc3a5 +00d PCMAV.exe
segment%36
004bc40f +037 PCMAV.exe
segment%36
768233c8 +010 kernel32.dll
>> created by main thread ($17a4) at:
0040858a +05a PCMAV.exe
segment%0
main thread ($17a4):
006c925c +0e8 PCMAV.exe
006cfa49 +0a5 PCMAV.exe
006d275b +4bf PCMAV.exe
004fd298 +2d4 PCMAV.exe
00501be3 +5b3 PCMAV.exe
006980dc +0e8 PCMAV.exe
00501238 +02c PCMAV.exe
0048668c +014 PCMAV.exe
76d07885 +00a USER32.dll
005a7163 +0f3 PCMAV.exe
005a71a6 +00a PCMAV.exe
005a74d9 +0c9 PCMAV.exe
008eb1e4 +0d0 PCMAV.exe
768233c8 +010 kernel32.dll
segment%104
segment%104
segment%104
segment%62
segment%62
segment%98
segment%62
segment%30
segment%79
segment%79
segment%79
segment%393
ScanSingleFile
public%18073
public%18076
public%4586
public%3630
public%327
public%4584
public%4585
BaseThreadInitThunk
public%328
public%14791
public%14945
public%15000
public%5999
public%6158
public%14295
public%6153
public%3805
DispatchMessageW
public%9876
public%9878
public%9883
public%20885
BaseThreadInitThunk
thread $17ac:
77cd0146 +0e ntdll.dll
768233c8 +10 kernel32.dll BaseThreadInitThunk
thread $1580 (TWorkerThread):
77ccf8ba +0e ntdll.dll
7682118f +3e kernel32.dll
76821143 +0d kernel32.dll
00677a91 +19 PCMAV.exe
segment%98
004bc4c3 +2b PCMAV.exe
segment%36
00483662 +42 PCMAV.exe
segment%30
00408520 +28 PCMAV.exe
segment%0
segment%36
segment%36
768233c8 +10 kernel32.dll
0040858a +5a PCMAV.exe
segment%0
WaitForSingleObject
public%13639
public%4586
public%3630
public%327
public%4584
public%4585
BaseThreadInitThunk
public%328
thread $16cc:
005da78f +2f PCMAV.exe
segment%89
005da352 +36 PCMAV.exe
segment%89
segment%36
segment%36
768234f0 +1b kernel32.dll
WaitForSingleObject
public%10955
public%10934
public%4584
public%4585
BaseThreadInitThunk
CreateThread
thread $304:
006b2e31 +4d PCMAV.exe
segment%101
segment%89
segment%36
segment%36
WaitForSingleObject
public%14689
public%10934
public%4584
public%4585
BaseThreadInitThunk
CreateThread
thread $16c4:
76d07908 +26 USER32.dll
006b21f7 +bb PCMAV.exe
>> created by main thread
segment%101
segment%89
segment%36
segment%36
thread $12f0:
77ccf977 +0b ntdll.dll
00793e30 +30 PCMAV.exe
BaseThreadInitThunk
($17a4) at:
CreateThread
GetMessageW
public%14679
public%10934
public%4584
public%4585
BaseThreadInitThunk
($17a4) at:
CreateThread
thread $128c: <priority:1>

00793ab6 +12 PCMAV.exe
segment%150
segment%36
segment%36
thread $16a8:
WaitForSingleObject
public%17578
public%4584
public%4585
BaseThreadInitThunk
CreateThread

BaseThreadInitThunk
CreateThread
thread $6d0: <priority:1>
segment%150
segment%36
segment%36
WaitForSingleObject
public%17578
public%4584
public%4585
BaseThreadInitThunk
thread $17f8:
007939ff +17 PCMAV.exe
segment%150
segment%36
segment%36
>> created by thread $6d0 at:
WaitForSingleObject
public%17577
public%4584
public%4585
BaseThreadInitThunk
CreateThread
CreateThread
thread $a94:
77cd1f2f +0b ntdll.dll
thread $1644:
BaseThreadInitThunk
($17a4) at:
CreateThread
thread $1024: <priority:1>

segment%150
segment%36
segment%36
thread $dc4 (TRunningItemThread):
76d2f5b7 +00e USER32.dll
76d5f737 +752 USER32.dll
76d5fb1a +04d USER32.dll
76d5fd10 +016 USER32.dll
WaitForSingleObject
public%17578
public%4584
public%4585
BaseThreadInitThunk
CreateThread
WaitMessage
SoftModalMessageBox
MessageBoxTimeoutW
MessageBoxExW
76d5fd52 +013
007ac62c +1d8
77cc013e +00a
7672b710 +041
004bc4c3 +02b
00483662 +042
00408520 +028
004bc3a5 +00d
004bc40f +037
768233c8 +010
>> created by
0040858a +05a
USER32.dll
PCMAV.exe
segment%157
ntdll.dll
KERNELBASE.dll
PCMAV.exe
segment%36
PCMAV.exe
segment%30
PCMAV.exe
segment%0
PCMAV.exe
segment%36
PCMAV.exe
segment%36
kernel32.dll
main thread ($17a4) at:
PCMAV.exe
segment%0
thread $3c0:
007939ff +17 PCMAV.exe
segment%150
segment%36
segment%36
>> created by thread $128c at:
MessageBoxW
public%17737
KiUserExceptionDispatcher
RaiseException
public%4586
public%3630
public%327
public%4584
public%4585
BaseThreadInitThunk
public%328
WaitForSingleObject
public%17577
public%4584
public%4585
BaseThreadInitThunk
CreateThread
thread $11dc:
thread $160c:
thread $16dc:
thread $f5c:
77cd0146 +0e ntdll.dll
7673095c +fa KERNELBASE.dll
76821a27 +89 kernel32.dll
BaseThreadInitThunk
>> created by thread $1708 (TAutoScanRD) at:
CreateThread
processes:
0000 Idle
0004 System
0138 smss.exe
01b8 csrss.exe
0220 wininit.exe
0234 csrss.exe
0258 services.exe
0270 lsass.exe
0278 lsm.exe
02e0 svchost.exe
0324 winlogon.exe
0334 DFServ.exe
0
0
0
0
0
1
0
0
0
0
1
0
0
0
0
0
0
176
0
0
0
0
6
0
0
0
0
0
0
78
0
0
0
0
0
0
normal
normal
high
normal
normal
normal
normal
normal
high
normal
C:\Program Files (x86)\Far
onics\Deep Freeze\Install C-0

0370 TrueSuiteService.exe
0 0
SimplePass 2011
03ac svchost.exe
0 0
03e8 atiesrxx.exe
0 0
0174 svchost.exe
0 0
01c4 svchost.exe
0 0
01b4 svchost.exe
0 0
0238 stacsv64.exe
0 0
04d0 svchost.exe
0 0
0508 atieclxx.exe
1 9
0540 svchost.exe
0 0
05bc wlanext.exe
0 0
05c4 conhost.exe
0 0
05fc spoolsv.exe
0 0
061c svchost.exe
0 0
06ac armsvc.exe
0 0
mon Files\Adobe\ARM\1.0
06f8 btwdins.exe
0 0
0758 HPClientServices.exe
0 0
0774 dwm.exe
1 20
0794 taskhost.exe
1 26
07bc explorer.exe
1 584
01bc TouchControl.exe
1 17
SimplePass 2011
0708 HPDrvMntSvc.exe
0 0
lett-Packard\Shared
0630 BioMonitor.exe
1 9
SimplePass 2011
07b8 HPWMISVC.exe
0 0
lett-Packard\HP Quick Launch
083c RIconMan.exe
0 0
0860 IJPLMSVC.EXE
0 0
on\IJPLM
0878 jhi_service.exe
0 0
el\Services\IPT
08cc WLIDSVC.EXE
0 0
0910 taskeng.exe
1 10
0918 HPAuto.exe
0 0
0a70 svchost.exe
0 0
0b0c svchost.exe
0 0
0b48 WLIDSVCM.EXE
0 0
0bac FrzState2k.exe
1 26
onics\Deep Freeze\Install C-0\_$Df
07c4 hkcmd.exe
1 9
09f8 igfxpers.exe
1 9
09b4 SynTPEnh.exe
1 82
0a60 sttray64.exe
1 16
06b4 BJMYPRT.EXE
1 18
0688 NMBgMonitor.exe
1 9
mon Files\Ahead\Lib
0b90 HPTaskBar1.exe
1 47
0b98 HPTaskBar2.exe
1 19
09c4 SynTPHelper.exe
1 9
0c44 NMIndexStoreSvr.exe
1 25
mon Files\Ahead\Lib
0c90 IAStorIcon.exe
1 33
el\Intel(R) Rapid Storage Technology
0cc0 hpqwutils.exe
1 13
lett-Packard\HP QuickWeb
normal
C:\Program Files (x86)\HP
0
0
0
0
0
0
0
6
0
0
0
0
0
0
normal
normal
normal
normal
normal
normal
normal
normal
normal
normal
normal
normal
normal
normal
C:\Program Files (x86)\Com
0
0
2
22
360
15
normal
normal
high
normal
normal
normal
normal
C:\Program Files (x86)\Hew
normal
normal
0
0
normal
normal
C:\Program Files (x86)\Can
normal
C:\Program Files (x86)\Int
0
3
0
0
0
0
17
normal
normal
normal
normal
normal
normal
normal
C:\Program Files (x86)\Far
18
4
43
15
12
6
normal
normal
above normal
normal
normal
normal
15
15
3
6
normal
normal
above normal
normal
15 normal
normal
0cd0 HPMSGSVC.exe
1 12 7 normal
lett-Packard\HP Quick Launch
0d00 HPOSD.exe
1 19 11 normal
lett-Packard\HP On Screen Display
0d30 WmiPrvSE.exe
0 0 0 normal
0e38 hpqWmiEx.exe
0 0 0 normal
lett-Packard\Shared
0ee0 ymsgr_tray.exe
1 27 9 normal
oo!\Messenger
0f24 NMIndexingService.exe
0 0 0 normal
mon Files\Ahead\Lib
0fbc iexplore.exe
1 234 84 normal
ernet Explorer
0ff0 iexplore.exe
1 46 82 normal
ernet Explorer
0c38 svchost.exe
0 0 0 normal
0e20 unsecapp.exe
1 9 2 normal
0ca0 SearchIndexer.exe
0 0 0 normal
0b7c wmpnetwk.exe
0 0 0 normal
1218 YCMMirage.exe
1 15 7 below normal
erLink\YouCam
1314 regsrv67.exe
1 4 1 normal
ing
12a8 PresentationFontCache.exe 0 0 0 normal
13d0 MOM.exe
1 10 10 normal
076c CCC.exe
1 36 30 normal
0470 HPSA_Service.exe
0 0 0 normal
0fa8 firefox.exe
1 314 58 normal
illa Firefox
13e4 IAStorDataMgrSvc.exe
0 0 0 normal
el\Intel(R) Rapid Storage Technology
134c LMS.exe
0 0 0 normal
el\Intel(R) Management Engine Components\LMS
12bc svchost.exe
0 0 0 normal
060c UNS.exe
0 0 0 normal
el\Intel(R) Management Engine Components\UNS
1720 plugin-container.exe
1 13 14 normal
illa Firefox
0c78 x11.exe
1 4 2 normal
rograms\Startup
0df8 x11.exe
1 5 2 normal
rograms\Startup
0fd4 conhost.exe
1 29 10 normal
0494 audiodg.exe
0 0 0 normal
1770 PCMAV.exe
1 264 192 normal
161c RTPshell.exe
1 43 27 normal
0950 MpCmdRun.exe
0 0 0 normal
disassembling:
065e61fc loc_65e61fc:
065e61fc mov
eax, [esp+4]
065e6200 test
dword ptr [eax+4], 6
065e6207 jz
loc_65e629c
065e6207
065e620d push
ebx
065e620e xor
ebx, ebx
065e6210 push
esi
065e6211 push
edi
065e6212 push
ebp
065e6213 push
ebp

C:\Program Files (x86)\Yah
C:\Program Files (x86)\Cyb

C:\Users\user\AppData\Roam
C:\Program Files (x86)\Moz

C:\Program Files (x86)\Moz
C:\Users\user\Start Menu\P
C:\Users\user\Start Menu\P
C:\PCMAV
c:\pcmav
065e6214
065e6219
065e621c
065e621f
065e6222
065e6225
065e6228
065e6229
065e622a
065e622b
065e622c
065e6230
065e6230
065e6235
065e623b
065e6241
065e6244
065e6247
065e624e
065e6251
065e6251
065e6256
065e6256
065e6258
065e6258
065e625d
065e6263
065e6265
065e626b
065e626e
065e6270
065e6271
065e6272
065e6273
065e6276
065e6277
065e6278
065e6279
065e627a
065e627a
065e627a
065e627a
065e627c
065e627c
065e627c
065e627c
065e629c
065e629c
065e62a1
065e62a1
065e62a1
065e62a1
065e62a4
065e62a4
065e62a8
065e62ac
065e62b3
065e62b3
065e62b5
065e62b8
push
push
mov
mov
mov
mov
push
push
push
push
mov
call
$65e627c
dword ptr fs:[ebx]
fs:[ebx], esp
ebx, fs:[ebx]
edx, [eax+$18]
ecx, [eax+$14]
ebx
eax
edx
ecx
edi, [esp+$34]
+$4de7 ($65eb01c)
push
mov
mov
mov
mov
add
call
dword ptr [eax]

[eax], esp
ecx, [edi+4]
ebp, [edi+8]
dword ptr [edi+4], $65e627c
ecx, 5
-$372 ($65e5ee4)
call
ecx
call
+$4dbf ($65eb01c)
mov
mov
mov
add
xor
pop
pop
pop
mov
pop
pop
pop
pop
jmp
ecx, [eax]
edx, [ecx]
[eax], edx
esp, $14
eax, eax
edx
ecx
ecx
fs:[eax], edx
ebp
edi
esi
ebx
loc_65e629c
; --------------------------------------------------------jmp
loc_65e62a4
; --------------------------------------------------------loc_65e629c:
mov
eax, 1
ret
; --------------------------------------------------------loc_65e62a4:
mov
eax, [esp+4]
mov
edx, [esp+8]
test
dword ptr [eax+4], 6
jz
loc_65e62d4
mov
mov
ecx, [edx+4]
dword ptr [edx+4], $65e62d4
065e62bf push
ebx
065e62c0 push
esi
065e62c1 push
edi
065e62c2 push
ebp
065e62c3 mov
ebp, [edx+8]
065e62c6 add
ecx, 5
065e62c9 call
-$3ea ($65e5ee4)
065e62c9
065e62ce call
ecx
065e62ce
065e62d0 pop
ebp
065e62d1 pop
edi
065e62d2 pop
esi
065e62d3 pop
ebx
065e62d2
065e62d4 loc_65e62d4:
065e62d4 mov
eax, 1
065e62d9 ret
065e62d9
065e62d9 ; --------------------------------------------------------065e62d9
0673c3dc public ScanSingleFile:
; function entry point
0673c3dc push
ebp
0673c3dd mov
ebp, esp
0673c3df add
esp, -$c
0673c3e2 xor
eax, eax
0673c3e4 mov
[ebp-$c], eax
0673c3e7 lea
eax, [ebp+8]
0673c3ea call
-$1555c7 ($65e6e28)
0673c3ea
0673c3ef xor
eax, eax
0673c3f1 push
ebp
0673c3f2 push
$673c495
0673c3f7 push
dword ptr fs:[eax]
0673c3fa mov
fs:[eax], esp
0673c3fd mov
byte ptr [ebp-1], 0
0673c401 xor
eax, eax
0673c403 mov
[ebp-8], eax
0673c406 mov
dl, 1
0673c408 mov
eax, [$673a484]
0673c40d call
-$1574da ($65e4f38)
0673c40d
0673c412 mov
[ebp-8], eax
0673c415 xor
eax, eax
0673c417 push
ebp
0673c418 push
$673c470
0673c41d push
dword ptr fs:[eax]
0673c420 mov
fs:[eax], esp
0673c423 mov
eax, [ebp+$10]
0673c426 push
eax
0673c427 mov
eax, [ebp+$14]
0673c42a mov
al, [eax]
0673c42c push
eax
0673c42d mov
eax, [ebp+$18]
0673c430 mov
al, [eax]
0673c432 push
eax
0673c433 mov
eax, [ebp+$1c]
0673c436 mov
al, [eax]
0673c438 push
eax
0673c439 lea
eax, [ebp-$c]
0673c43c
0673c43f
0673c43f
0673c444
0673c447
0673c44a
0673c44d
0673c44d
0673c452
0673c454
0673c454
0673c456
0673c454
0673c45a
0673c45a
0673c45c
0673c45d
0673c45e
0673c45f
0673c462
0673c467
0673c46a
0673c46a
0673c46f
0673c46f
0673c46f
0673c46f
0673c470
0673c470
0673c470
0673c470
0673c495
mov
call
mov
mov
mov
> call
edx, [ebp+8]
-$154800 ($65e7c44)
edx, [ebp-$c]
ecx, [ebp+$c]
eax, [ebp-8]
-$1486 ($673afcc)
test
jz
al, al
loc_673c45a
mov
byte ptr [ebp-1], 1
loc_673c45a:
xor
eax, eax
pop
edx
pop
ecx
pop
ecx
mov
fs:[eax], edx
push
$673c477
mov
eax, [ebp-8]
call
-$157507 ($65e4f68)
ret
; --------------------------------------------------------jmp
loc_65e61fc
; --------------------------------------------------------jmp
loc_65e61fc

Bug Report

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Bug Report

Caricato da

Copyright:

Formati disponibili

date/time

: 2012-02-11, 11:48:08, 102ms

thread $cec (TgtTimerThread):

thread $cf0 (TWndProc): <suspended>

thread $d1c: <priority:1>

thread $d38 (TgtTimerThread):

thread $950 (TRegMonitorThread):

thread $9e8 (TRegMonitorThread):

768e3c43 +10 kernel32.dll

thread $f00 (TgtTimerThread):

2012-04-22, 19:32:56, 15ms

thread $1708 (TAutoScanRD):

thread $128c: <priority:1>

004bc3a5 +0d PCMAV.exe

thread $1024: <priority:1>

C:\Program Files (x86)\Far

onics\Deep Freeze\Install C-0

C:\Program Files (x86)\HP

C:\Program Files (x86)\Com

C:\Program Files (x86)\HP

C:\Program Files (x86)\Hew

C:\Program Files (x86)\HP

C:\Program Files (x86)\Hew

C:\Program Files (x86)\Can

C:\Program Files (x86)\Int

C:\Program Files (x86)\Far

C:\Program Files (x86)\Int

C:\Program Files (x86)\Hew

C:\Program Files (x86)\Hew

C:\Program Files (x86)\Cyb

C:\Program Files (x86)\Moz

dword ptr [eax]

byte ptr [ebp-1], 1

Potrebbero piacerti anche