date/time : 2014-06-05, 10:53:16, 891ms

computer name : ASUS-PC
user name : ASUS <admin>
registered owner : Microsoft / Microsoft
operating system : Windows 7 x64 build 7600
system language : Indonesian
system up time : 1 hour 53 minutes
program up time : 1 hour 53 minutes
processors : 4x Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
physical memory : 1150/1934 MB (free/total)
free disk space : (C:) 62,27 GB
display mode : 1366x768, 32 bit
process id : $8ac
allocated memory : 59,56 MB
largest free block : 1,47 GB
command line : "C:\PC MAV 9.9.1\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2014-03-03 11:07
version : 9.9.0.0
compiled with : Delphi XE2
madExcept version : 4.0.8.1
callstack crc : $001615f8, $cac264f5, $4d226a46
count : 2
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 007ACFF0 in module 'PCMAV.exe'. Read of address 00000014.
thread $97c:
007acff0 +058 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $db8 at:
007ad1c7 +173 PCMAV.exe madCodeHook LpcDispatchThread
main thread ($8b0):
75a54386 +00e USER32.dll WaitMessage
005ba0fd +149 PCMAV.exe Vcl.Forms TApplication.Idle
005b9323 +017 PCMAV.exe Vcl.Forms TApplication.HandleMessage
005b9649 +0c9 PCMAV.exe Vcl.Forms TApplication.Run
0087b400 +19c PCMAV.exe PCMAV 152 +54 initialization
75b43675 +010 kernel32.dll BaseThreadInitThunk
thread $a38:
77c400f6 +0e ntdll.dll NtWaitForMultipleObjects
75b43675 +10 kernel32.dll BaseThreadInitThunk
thread $a44:
77c41edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
75b43675 +10 kernel32.dll BaseThreadInitThunk
thread $a4c (TWorkerThread):
77c3f86a +0e ntdll.dll NtWaitForSingleObject
75850810 +92 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +3e kernel32.dll WaitForSingleObjectEx
75b41133 +0d kernel32.dll WaitForSingleObject
0068b0d1 +19 PCMAV.exe VirtualTrees 6173 +3 TWorkerThread.Execute
004cc8cb +2b PCMAV.exe madExcept HookedTThreadExecute
00486faa +42 PCMAV.exe System.Classes ThreadProc
004079f0 +28 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
0068afc6 +16 PCMAV.exe VirtualTrees 6116 +1 TWorkerThread.Create
thread $438:
77c3f86a +0e ntdll.dll NtWaitForSingleObject
75850810 +92 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +3e kernel32.dll WaitForSingleObjectEx
75b41133 +0d kernel32.dll WaitForSingleObject
005edc6b +2f PCMAV.exe MPThreadManager 898 +4 TCommonEventThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $43c:
77c3f86a +0e ntdll.dll NtWaitForSingleObject
75850810 +92 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +3e kernel32.dll WaitForSingleObjectEx
75b41133 +0d kernel32.dll WaitForSingleObject
006c6829 +4d PCMAV.exe VirtualShellNotifier 2272 +9 TVirtualChangeDispatchThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $474:
75a47eb8 +26 USER32.dll GetMessageW
006c5bef +bb PCMAV.exe VirtualShellNotifier 1930 +15 TVirtualShellChangeThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $db4:
77c3f927 +00b ntdll.dll NtReplyWaitReceivePort
007ad3e0 +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
007ad8b8 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $db8: <priority:1>
77c3f86a +00e ntdll.dll NtWaitForSingleObject
75850810 +092 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +03e kernel32.dll WaitForSingleObjectEx
75b41133 +00d kernel32.dll WaitForSingleObject
007ad066 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
007ad8d9 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $dc4:
77c3f927 +00b ntdll.dll NtReplyWaitReceivePort
007ad3e0 +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
007ad8b8 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $dc8: <priority:1>
77c3f86a +00e ntdll.dll NtWaitForSingleObject
75850810 +092 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +03e kernel32.dll WaitForSingleObjectEx
75b41133 +00d kernel32.dll WaitForSingleObject
007ad066 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($8b0) at:
007ad8d9 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $e28 (TWndProc): <suspended>
0077ff4d +d PCMAV.exe UnitWndProc 36 +1 TWndProc.Execute
thread $e2c:
77c3f86a +0e ntdll.dll NtWaitForSingleObject
75850810 +92 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +3e kernel32.dll WaitForSingleObjectEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $a48 at:
7338325b +00 rasman.dll
thread $d88:
77c3f86a +00e ntdll.dll NtWaitForSingleObject
75850810 +092 KERNELBASE.dll WaitForSingleObjectEx
75b4117f +03e kernel32.dll WaitForSingleObjectEx
75b41133 +00d kernel32.dll WaitForSingleObject
007acfaf +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
75b43675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $db8 at:
007ad1c7 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $cd4:
77c41edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
75b43675 +10 kernel32.dll BaseThreadInitThunk
thread $320:
77c41edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
75b43675 +10 kernel32.dll BaseThreadInitThunk
processes:
0000 Idle 0 0 0
0004 System 0 0 0
01a4 smss.exe 0 0 0 normal
0258 csrss.exe 0 0 0 normal
0304 wininit.exe 0 0 0 high
0318 csrss.exe 1 174 78 normal
034c services.exe 0 0 0 normal
0354 lsass.exe 0 0 0 normal
035c lsm.exe 0 0 0 normal
0398 winlogon.exe 1 6 0 high
03fc svchost.exe 0 0 0 normal
0268 USBSRService.exe 0 0 0 normal
028c nvvsvc.exe 0 0 0 normal
02b0 svchost.exe 0 0 0 normal
01e4 svchost.exe 0 0 0 normal
0410 svchost.exe 0 0 0 normal
0444 svchost.exe 0 0 0 normal
04e4 svchost.exe 0 0 0 normal
0544 nvxdsync.exe 1 35 13 normal
054c nvvsvc.exe 1 20 9 normal
0598 svchost.exe 0 0 0 normal
0630 spoolsv.exe 0 0 0 normal
064c sched.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
06e8 dwm.exe 1 17 2 high
070c taskhost.exe 1 36 22 normal
0758 svchost.exe 0 0 0 normal
07cc explorer.exe 1 532 354 normal
0588 taskeng.exe 1 10 3 normal
06d0 taskeng.exe 1 10 3 normal
085c avguard.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0870 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
0878 ATKOSD2.exe 1 21 14 below normal C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
08ac PCMAV.exe 1 228 118 below normal C:\PC MAV 9.9.1
08d4 conhost.exe 0 0 0 normal
08f0 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
0998 HeciServer.exe 0 0 0 normal
09b0 jhi_service.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
09d0 SMSvcHost.exe 0 0 0 normal
0a58 AsusTPLoader.exe 1 15 7 below normal
0a78 QuickGesture64.exe 1 14 6 above normal
0a98 RAVCpl64.exe 1 54 20 normal
0ab8 hkcmd.exe 1 9 18 normal
0ae8 igfxpers.exe 1 9 4 normal
0af0 IDMan.exe 1 89 66 normal C:\Program Files (x86)\Tonec
0b34 USBSafelyRemove.exe 1 355 82 normal C:\Program Files (x86)\USB Safely Remove
0b6c HControlUser.exe 1 15 5 normal C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0b78 DFX.exe 1 282 26 normal C:\Program Files (x86)\DFX
0b88 PWRISOVM.EXE 1 18 8 normal C:\Program Files (x86)\PowerISO
0bac avgnt.exe 1 76 52 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0bd0 WSHelper.exe 1 63 50 normal C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
0bf8 QuickGesture.exe 1 14 6 above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
09c4 AsusTPCenter.exe 1 78 36 below normal
06a8 ARCGIS.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
08c8 NitroPDFDriverService9x64.exe 0 0 0 normal
0b40 NLSSRV32.EXE 0 0 0 normal C:\Windows\SysWOW64
0c14 svchost.exe 0 0 0 normal
0de8 RTPshell.exe 1 32 29 normal c:\pc mav 9.9.1
0e94 avshadow.exe 0 0 0 normal
0f38 SearchIndexer.exe 0 0 0 normal
0f58 FNPLicensingService.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher
1004 svchost.exe 0 0 0 normal
115c AsusTPHelper.exe 1 15 7 below normal
11cc IEMonitor.exe 1 18 16 normal C:\Program Files (x86)\Tonec
1188 svchost.exe 0 0 0 normal
08bc LMS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
0bdc UNS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
0cc8 splwow64.exe 1 4 2 normal
0984 WINWORD.EXE 1 309 93 normal C:\Program Files (x86)\Microsoft Office\Office12
0ce4 dllhost.exe 1 9 5 normal
disassembling:
007acf98 public madCodeHook.LpcWorkerThread: ; function entry point
007acf98 push ebp
007acf99 mov ebp, esp
007acf9b add esp, -8
007acf9e push ebx
007acf9f push esi
007acfa0 push edi
007acfa1 mov ebx, [ebp+8]
007acfa4 xor eax, eax
007acfa6 mov [ebp-4], eax
007acfa4
007acfa9 loc_7acfa9:
007acfa9 push $ffffffff
007acfab mov eax, [ebx+8]
007acfae push eax
007acfaf call -$39b728 ($41188c) ; Winapi.Windows.WaitForSingleObject
007acfaf
007acfb4 test eax, eax
007acfb6 jnz loc_7ad046
007acfb6
007acfbc cmp dword ptr [ebx+$c], 0
007acfc0 jz loc_7ad046
007acfc0
007acfc6 mov eax, [ebx+$c]
007acfc9 mov esi, [ebx+$c]
007acfcc add eax, [esi+$20]
007acfcf mov edi, eax
007acfd1 mov eax, [esi+$14]
007acfd4 push eax
007acfd5 mov eax, [esi+$10]
007acfd8 push eax
007acfd9 mov eax, [edi+4]
007acfdc push eax
007acfdd lea eax, [edi+$14]
007acfe0 push eax
007acfe1 mov eax, [esi+4]
007acfe4 call -$3a4981 ($408668) ; System.@LStrToPChar
007acfe4
007acfe9 push eax
007acfea call dword ptr [esi+8]
007acfea
007acfed mov eax, [ebx+$c]
007acff0 > cmp dword ptr [eax+$14], 0
007acff4 jz loc_7ad00d
007acff4
007acff6 mov eax, [ebx+$c]
007acff9 mov eax, [eax+$1c]
007acffc push eax
007acffd call -$39b876 ($41178c) ; Winapi.Windows.SetEvent
007acffd
007ad002 mov eax, [ebx+$c]
007ad005 add eax, $c
007ad008 call -$b1d ($7ac4f0) ; madCodeHook.CloseIpcAnswer
007ad008
007ad00d loc_7ad00d:
007ad00d call -$39bac6 ($41154c) ; Winapi.Windows.GetTickCount
007ad00d
007ad012 mov [ebx+$10], eax
007ad015 mov eax, [ebx+$c]
007ad018 add eax, 4
007ad01b call -$3a54b8 ($407b68) ; System.@LStrClr
007ad01b
007ad020 mov eax, [ebx+$c]
007ad023 mov [ebp-8], eax
007ad026 xor eax, eax
007ad028 mov [ebx+$c], eax
007ad02b mov eax, [ebp-8]
007ad02e push eax
007ad02f call -$39b9b8 ($41167c) ; Winapi.Windows.LocalFree
007ad02f
007ad034 push 0
007ad036 push 1
007ad038 mov eax, [ebx+4]
007ad03b push eax
007ad03c call -$39b8f5 ($41174c) ; Winapi.Windows.ReleaseSemaphore
007ad03c
007ad041 jmp loc_7acfa9
007ad041
007ad041 ; ---------------------------------------------------------
007ad041
007ad046 loc_7ad046:
007ad046 mov eax, [ebp-4]
007ad049 pop edi
007ad04a pop esi
007ad04b pop ebx
007ad04c pop ecx
007ad04d pop ecx
007ad04e pop ebp
007ad04f ret 4
date/time : 2014-06-10, 11:34:57, 245ms
computer name : ASUS-PC
user name : ASUS <admin>
registered owner : Microsoft / Microsoft
operating system : Windows 7 x64 build 7600
system language : Indonesian
system up time : 3 hours
program up time : 3 hours
processors : 4x Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
physical memory : 176/1934 MB (free/total)
free disk space : (C:) 60,94 GB
display mode : 1366x768, 32 bit
process id : $874
allocated memory : 75,04 MB
largest free block : 1,43 GB
command line : "C:\PC MAV 9.9.1\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2014-03-03 11:07
version : 9.9.0.0
compiled with : Delphi XE2
madExcept version : 4.0.8.1
callstack crc : $69e6717f, $43fedde5, $ed917ef4
count : 2
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 007ACFD9 in module 'PCMAV.exe'. Read of address 00094C23.
thread $1268:
007acfd9 +041 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $c48 at:
007ad1c7 +173 PCMAV.exe madCodeHook LpcDispatchThread
main thread ($878):
75b14386 +00e USER32.dll WaitMessage
005ba0fd +149 PCMAV.exe Vcl.Forms TApplication.Idle
005b9323 +017 PCMAV.exe Vcl.Forms TApplication.HandleMessage
005b9649 +0c9 PCMAV.exe Vcl.Forms TApplication.Run
0087b400 +19c PCMAV.exe PCMAV 152 +54 initialization
758f3675 +010 kernel32.dll BaseThreadInitThunk
thread $984:
77cd00f6 +0e ntdll.dll NtWaitForMultipleObjects
758f3675 +10 kernel32.dll BaseThreadInitThunk
thread $b8c (TWorkerThread):
77ccf86a +0e ntdll.dll NtWaitForSingleObject
75d30810 +92 KERNELBASE.dll WaitForSingleObjectEx
758f117f +3e kernel32.dll WaitForSingleObjectEx
758f1133 +0d kernel32.dll WaitForSingleObject
0068b0d1 +19 PCMAV.exe VirtualTrees 6173 +3 TWorkerThread.Execute
004cc8cb +2b PCMAV.exe madExcept HookedTThreadExecute
00486faa +42 PCMAV.exe System.Classes ThreadProc
004079f0 +28 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
0068afc6 +16 PCMAV.exe VirtualTrees 6116 +1 TWorkerThread.Create
thread $bf4:
77ccf86a +0e ntdll.dll NtWaitForSingleObject
75d30810 +92 KERNELBASE.dll WaitForSingleObjectEx
758f117f +3e kernel32.dll WaitForSingleObjectEx
758f1133 +0d kernel32.dll WaitForSingleObject
005edc6b +2f PCMAV.exe MPThreadManager 898 +4 TCommonEventThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $870:
77ccf86a +0e ntdll.dll NtWaitForSingleObject
75d30810 +92 KERNELBASE.dll WaitForSingleObjectEx
758f117f +3e kernel32.dll WaitForSingleObjectEx
758f1133 +0d kernel32.dll WaitForSingleObject
006c6829 +4d PCMAV.exe VirtualShellNotifier 2272 +9 TVirtualChangeDispatchThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $8a8:
75b07eb8 +26 USER32.dll GetMessageW
006c5bef +bb PCMAV.exe VirtualShellNotifier 1930 +15 TVirtualShellChangeThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $c44:
77ccf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad3e0 +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
007ad8b8 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $c48: <priority:1>
77ccf86a +00e ntdll.dll NtWaitForSingleObject
75d30810 +092 KERNELBASE.dll WaitForSingleObjectEx
758f117f +03e kernel32.dll WaitForSingleObjectEx
758f1133 +00d kernel32.dll WaitForSingleObject
007ad066 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
007ad8d9 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $c60:
77ccf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad3e0 +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
007ad8b8 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $c64: <priority:1>
77ccf86a +00e ntdll.dll NtWaitForSingleObject
75d30810 +092 KERNELBASE.dll WaitForSingleObjectEx
758f117f +03e kernel32.dll WaitForSingleObjectEx
758f1133 +00d kernel32.dll WaitForSingleObject
007ad066 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($878) at:
007ad8d9 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $d98 (TWndProc): <suspended>
0077ff4d +d PCMAV.exe UnitWndProc 36 +1 TWndProc.Execute
thread $d9c:
77ccf86a +0e ntdll.dll NtWaitForSingleObject
75d30810 +92 KERNELBASE.dll WaitForSingleObjectEx
758f117f +3e kernel32.dll WaitForSingleObjectEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $a78 at:
7359325b +00 rasman.dll
thread $398:
77cd1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
758f3675 +10 kernel32.dll BaseThreadInitThunk
thread $f88:
77ccf86a +00e ntdll.dll NtWaitForSingleObject
75d30810 +092 KERNELBASE.dll WaitForSingleObjectEx
758f117f +03e kernel32.dll WaitForSingleObjectEx
758f1133 +00d kernel32.dll WaitForSingleObject
007acfaf +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
758f3675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $c48 at:
007ad1c7 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $3e8:
77cd1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
758f3675 +10 kernel32.dll BaseThreadInitThunk
processes:
0000 Idle 0 0 0
0004 System 0 0 0
01a4 smss.exe 0 0 0 normal
0258 csrss.exe 0 0 0 normal
0300 wininit.exe 0 0 0 high
0314 csrss.exe 1 174 80 normal
0348 services.exe 0 0 0 normal
0350 lsass.exe 0 0 0 normal
0358 lsm.exe 0 0 0 normal
0390 winlogon.exe 1 6 0 high
03ec svchost.exe 0 0 0 normal
01d4 USBSRService.exe 0 0 0 normal
0278 nvvsvc.exe 0 0 0 normal
02ac svchost.exe 0 0 0 normal
033c svchost.exe 0 0 0 normal
02bc svchost.exe 0 0 0 normal
0430 svchost.exe 0 0 0 normal
04d0 svchost.exe 0 0 0 normal
054c svchost.exe 0 0 0 normal
0564 nvxdsync.exe 1 35 12 normal
056c nvvsvc.exe 1 23 9 normal
0618 spoolsv.exe 0 0 0 normal
0674 sched.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
06c0 svchost.exe 0 0 0 normal
0780 taskhost.exe 1 84 39 normal
07bc taskeng.exe 1 12 3 normal
0478 taskeng.exe 1 12 3 normal
06d4 dwm.exe 1 20 2 high
075c ATKOSD2.exe 1 21 14 below normal C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
0424 explorer.exe 1 820 495 normal
0874 PCMAV.exe 1 239 116 below normal C:\PC MAV 9.9.1
087c avguard.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0890 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
08e4 AsusTPLoader.exe 1 15 7 below normal
08fc QuickGesture64.exe 1 14 6 above normal
0910 QuickGesture.exe 1 14 6 above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
0a18 conhost.exe 0 0 0 normal
0a20 HeciServer.exe 0 0 0 normal
0a40 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
0a58 jhi_service.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
0a94 SMSvcHost.exe 0 0 0 normal
0aa0 ARCGIS.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.0\bin
0ac4 RAVCpl64.exe 1 54 20 normal
0af0 hkcmd.exe 1 17 17 normal
0b0c igfxpers.exe 1 12 4 normal
0b40 IDMan.exe 1 92 65 normal C:\Program Files (x86)\Tonec
0b98 USBSafelyRemove.exe 1 358 82 normal C:\Program Files (x86)\USB Safely Remove
0428 HControlUser.exe 1 18 5 normal C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0750 PWRISOVM.EXE 1 18 8 normal C:\Program Files (x86)\PowerISO
0730 avgnt.exe 1 114 57 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0928 WSHelper.exe 1 63 50 normal C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
078c NitroPDFDriverService9x64.exe 0 0 0 normal
0454 NLSSRV32.EXE 0 0 0 normal C:\Windows\SysWOW64
0b60 DFX.exe 1 284 26 normal C:\Program Files (x86)\DFX
0c78 AsusTPCenter.exe 1 78 35 below normal
0c80 RTPshell.exe 1 34 30 normal c:\pc mav 9.9.1
0cc0 svchost.exe 0 0 0 normal
0ec0 avshadow.exe 0 0 0 normal
0f98 SearchIndexer.exe 0 0 0 normal
0dc0 FNPLicensingService.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher
00a0 svchost.exe 0 0 0 normal
10ac AsusTPHelper.exe 1 15 7 below normal
10e0 IEMonitor.exe 1 20 16 normal C:\Program Files (x86)\Tonec
0ffc svchost.exe 0 0 0 normal
0a0c LMS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
0698 UNS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
101c firefox.exe 1 113 66 normal C:\Program Files (x86)\Mozilla Firefox
0dc4 wmpnetwk.exe 0 0 0 normal
0f44 plugin-container.exe 1 25 29 normal C:\Program Files (x86)\Mozilla Firefox
1390 FlashPlayerPlugin_13_0_0_214.exe 1 9 11 normal C:\Windows\SysWOW64\Macromed\Flash
1054 FlashPlayerPlugin_13_0_0_214.exe 1 38 54 normal C:\Windows\SysWOW64\Macromed\Flash
12b8 audiodg.exe 0 0 0 normal
0a68 WarKey.exe 1 198 161 normal D:
0534 War3.exe 1 15 13 normal D:\DotA Medan
137c SearchProtocolHost.exe 0 0 0 idle
12c0 SearchFilterHost.exe 0 0 0 idle
disassembling:
007acf98 public madCodeHook.LpcWorkerThread: ; function entry point
007acf98 push ebp
007acf99 mov ebp, esp
007acf9b add esp, -8
007acf9e push ebx
007acf9f push esi
007acfa0 push edi
007acfa1 mov ebx, [ebp+8]
007acfa4 xor eax, eax
007acfa6 mov [ebp-4], eax
007acfa4
007acfa9 loc_7acfa9:
007acfa9 push $ffffffff
007acfab mov eax, [ebx+8]
007acfae push eax
007acfaf call -$39b728 ($41188c) ; Winapi.Windows.WaitForSingleObject
007acfaf
007acfb4 test eax, eax
007acfb6 jnz loc_7ad046
007acfb6
007acfbc cmp dword ptr [ebx+$c], 0
007acfc0 jz loc_7ad046
007acfc0
007acfc6 mov eax, [ebx+$c]
007acfc9 mov esi, [ebx+$c]
007acfcc add eax, [esi+$20]
007acfcf mov edi, eax
007acfd1 mov eax, [esi+$14]
007acfd4 push eax
007acfd5 mov eax, [esi+$10]
007acfd8 push eax
007acfd9 > mov eax, [edi+4]
007acfdc push eax
007acfdd lea eax, [edi+$14]
007acfe0 push eax
007acfe1 mov eax, [esi+4]
007acfe4 call -$3a4981 ($408668) ; System.@LStrToPChar
007acfe4
007acfe9 push eax
007acfea call dword ptr [esi+8]
007acfea
007acfed mov eax, [ebx+$c]
007acff0 cmp dword ptr [eax+$14], 0
007acff4 jz loc_7ad00d
007acff4
007acff6 mov eax, [ebx+$c]
007acff9 mov eax, [eax+$1c]
007acffc push eax
007acffd call -$39b876 ($41178c) ; Winapi.Windows.SetEvent
007acffd
007ad002 mov eax, [ebx+$c]
007ad005 add eax, $c
007ad008 call -$b1d ($7ac4f0) ; madCodeHook.CloseIpcAnswer
007ad008
007ad00d loc_7ad00d:
007ad00d call -$39bac6 ($41154c) ; Winapi.Windows.GetTickCount
007ad00d
007ad012 mov [ebx+$10], eax
007ad015 mov eax, [ebx+$c]
007ad018 add eax, 4
007ad01b call -$3a54b8 ($407b68) ; System.@LStrClr
007ad01b
007ad020 mov eax, [ebx+$c]
007ad023 mov [ebp-8], eax
007ad026 xor eax, eax
007ad028 mov [ebx+$c], eax
007ad02b mov eax, [ebp-8]
007ad02e push eax
007ad02f call -$39b9b8 ($41167c) ; Winapi.Windows.LocalFree
007ad02f
007ad034 push 0
007ad036 push 1
007ad038 mov eax, [ebx+4]
007ad03b push eax
007ad03c call -$39b8f5 ($41174c) ; Winapi.Windows.ReleaseSemaphore
007ad03c
007ad041 jmp loc_7acfa9
007ad041
007ad041 ; ---------------------------------------------------------
007ad041
007ad046 loc_7ad046:
007ad046 mov eax, [ebp-4]
007ad049 pop edi
007ad04a pop esi
007ad04b pop ebx
007ad04c pop ecx
007ad04d pop ecx
007ad04e pop ebp
007ad04f ret 4
date/time : 2014-07-15, 14:46:19, 492ms
computer name : ASUS-PC
user name : ASUS <admin>
registered owner : Microsoft / Microsoft
operating system : Windows 7 x64 build 7600
system language : Indonesian
system up time : 6 hours 19 minutes
program up time : 6 hours 18 minutes
processors : 4x Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
physical memory : 1138/1934 MB (free/total)
free disk space : (C:) 61,20 GB
display mode : 1366x768, 32 bit
process id : $9b8
allocated memory : 74,30 MB
largest free block : 1,44 GB
command line : "C:\PC MAV 9.9.1\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2014-04-29 13:14
version : 9.9.3.0
compiled with : Delphi XE2
madExcept version : 4.0.8.1
callstack crc : $69e6717f, $43fedde5, $09579dfb
count : 2
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 007AD445 in module 'PCMAV.exe'. Read of address F4B48A49.
thread $5a8:
007ad445 +041 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
main thread ($9bc):
005fc960 +024 PCMAV.exe MPShellUtilities 5010 +6 TNamespace.GetCompressed
006e063a +07a PCMAV.exe VirtualExplorerTree 4972 +8 TCustomVirtualExplorerTree.DoPaintText
006b851c +05c PCMAV.exe VirtualTrees 34404 +5 TCustomVirtualStringTree.CalculateTextWidth
00601ecd +07d PCMAV.exe MPShellUtilities 7448 +6 TNamespace.InvalidateRelativePIDL
006e63bb +4bf PCMAV.exe VirtualExplorerTree 8091 +146 TCustomVirtualExplorerTree.WMShellNotify
0050c504 +2d4 PCMAV.exe Vcl.Controls TControl.WndProc
00510e4f +5b3 PCMAV.exe Vcl.Controls TWinControl.WndProc
006ab96c +0e8 PCMAV.exe VirtualTrees 26506 +32 TBaseVirtualTree.WndProc
005104a4 +02c PCMAV.exe Vcl.Controls TWinControl.MainWndProc
00489fd4 +014 PCMAV.exe System.Classes StdWndProc
75547df5 +00a USER32.dll DispatchMessageW
005b92d3 +0f3 PCMAV.exe Vcl.Forms TApplication.ProcessMessage
005b9316 +00a PCMAV.exe Vcl.Forms TApplication.HandleMessage
005b9649 +0c9 PCMAV.exe Vcl.Forms TApplication.Run
0087c404 +19c PCMAV.exe PCMAV 152 +54 initialization
76cd3675 +010 kernel32.dll BaseThreadInitThunk
thread $bac:
777600f6 +0e ntdll.dll NtWaitForMultipleObjects
76cd3675 +10 kernel32.dll BaseThreadInitThunk
thread $e64 (TWorkerThread):
7554cd7c +47 USER32.dll SendMessageW
0068b0ac +38 PCMAV.exe VirtualTrees 6157 +2 TWorkerThread.ChangeTreeStates
0068b186 +ce PCMAV.exe VirtualTrees 6198 +28 TWorkerThread.Execute
004cc8cb +2b PCMAV.exe madExcept HookedTThreadExecute
00486faa +42 PCMAV.exe System.Classes ThreadProc
004079f0 +28 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
0068afc6 +16 PCMAV.exe VirtualTrees 6116 +1 TWorkerThread.Create
thread $e80:
777600f6 +0e ntdll.dll NtWaitForMultipleObjects
7639095c +fa KERNELBASE.dll WaitForMultipleObjectsEx
76cd1628 +89 kernel32.dll WaitForMultipleObjectsEx
755503d4 +f4 USER32.dll MsgWaitForMultipleObjectsEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $e7c at:
768f480b +00 SHLWAPI.dll
thread $ed0:
7775f86a +0e ntdll.dll NtWaitForSingleObject
76390810 +92 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +3e kernel32.dll WaitForSingleObjectEx
76cd1133 +0d kernel32.dll WaitForSingleObject
005edc6b +2f PCMAV.exe MPThreadManager 898 +4 TCommonEventThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $ed4:
7775f86a +0e ntdll.dll NtWaitForSingleObject
76390810 +92 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +3e kernel32.dll WaitForSingleObjectEx
76cd1133 +0d kernel32.dll WaitForSingleObject
006c6829 +4d PCMAV.exe VirtualShellNotifier 2272 +9 TVirtualChangeDispatchThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $ed8:
75547eb8 +26 USER32.dll GetMessageW
006c5bef +bb PCMAV.exe VirtualShellNotifier 1930 +15 TVirtualShellChangeThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $f64:
7775f927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $f68: <priority:1>
7775f86a +00e ntdll.dll NtWaitForSingleObject
76390810 +092 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +03e kernel32.dll WaitForSingleObjectEx
76cd1133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $f74:
7775f927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $f78: <priority:1>
7775f86a +00e ntdll.dll NtWaitForSingleObject
76390810 +092 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +03e kernel32.dll WaitForSingleObjectEx
76cd1133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $d2c (TWndProc): <suspended>
007803b9 +d PCMAV.exe UnitWndProc 36 +1 TWndProc.Execute
thread $6d8:
7775f86a +0e ntdll.dll NtWaitForSingleObject
76390810 +92 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +3e kernel32.dll WaitForSingleObjectEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $e20 at:
7300325b +00 rasman.dll
thread $6c4:
7775f86a +00e ntdll.dll NtWaitForSingleObject
76390810 +092 KERNELBASE.dll WaitForSingleObjectEx
76cd117f +03e kernel32.dll WaitForSingleObjectEx
76cd1133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $55c:
77761edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
76cd3675 +10 kernel32.dll BaseThreadInitThunk
thread $1490 (TCollectStat):
7775f86a +00e ntdll.dll NtWaitForSingleObject
769e302b +05b WS2_32.dll WahReferenceContextByHandle
769e4a1d +09c WS2_32.dll select
007e70be +04a PCMAV.exe IdStackWindows TIdSocketListWindows.FDSelect
007e705c +020 PCMAV.exe IdStackWindows TIdSocketListWindows.SelectRead
00814cce +006 PCMAV.exe IdSocketHandle TIdSocketHandle.Select
00814a98 +044 PCMAV.exe IdSocketHandle CheckIsReadable
00814b30 +06c PCMAV.exe IdSocketHandle TIdSocketHandle.Readable
008162b6 +006 PCMAV.exe IdIOHandlerStack TIdIOHandlerStack.Readable
00811c78 +080 PCMAV.exe IdIOHandler TIdIOHandler.ReadFromSource
00811881 +141 PCMAV.exe IdIOHandler TIdIOHandler.ReadLn
008116c5 +019 PCMAV.exe IdIOHandler TIdIOHandler.ReadLn
0084cb7f +023 PCMAV.exe IdHTTP TIdCustomHTTP.InternalReadLn
0084ceb2 +156 PCMAV.exe IdHTTP TIdCustomHTTP.DoRequest
00848b32 +082 PCMAV.exe IdHTTP TIdCustomHTTP.Post
008492c4 +0b4 PCMAV.exe IdHTTP TIdCustomHTTP.Post
008493ce +056 PCMAV.exe IdHTTP TIdCustomHTTP.Post
0085affb +243 PCMAV.exe unitCollectStat 412 +55 PostData
00859aaf +007 PCMAV.exe unitCollectStat 81 +0 TCollectStat.Execute
004cc8cb +02b PCMAV.exe madExcept HookedTThreadExecute
00486faa +042 PCMAV.exe System.Classes ThreadProc
004079f0 +028 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
76cd3675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($9bc) at:
00859a53 +043 PCMAV.exe unitCollectStat 68 +11 TCollectStat.CreateIt
processes:
0000 Idle 0 0 0
0004 System 0 0 0
01a4 smss.exe 0 0 0 normal
0258 csrss.exe 0 0 0 normal
0304 wininit.exe 0 0 0 high
0318 csrss.exe 1 174 80 normal
0350 services.exe 0 0 0 normal
0358 lsass.exe 0 0 0 normal
0360 lsm.exe 0 0 0 normal
0394 winlogon.exe 1 6 0 high
03f0 svchost.exe 0 0 0 normal
01d4 USBSRService.exe 0 0 0 normal
0274 nvvsvc.exe 0 0 0 normal
02a4 svchost.exe 0 0 0 normal
031c svchost.exe 0 0 0 normal
030c svchost.exe 0 0 0 normal
042c svchost.exe 0 0 0 normal
04bc svchost.exe 0 0 0 normal
0540 nvxdsync.exe 1 32 14 normal
0548 nvvsvc.exe 1 20 9 normal
05cc svchost.exe 0 0 0 normal
0668 spoolsv.exe 0 0 0 normal
0684 sched.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
069c svchost.exe 0 0 0 normal
0410 taskhost.exe 1 99 44 normal
07cc dwm.exe 1 16 2 high
0834 explorer.exe 1 712 434 normal
0880 avguard.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0894 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
08b0 conhost.exe 0 0 0 normal
08c0 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
0964 taskeng.exe 1 9 3 normal
0988 taskeng.exe 1 9 3 normal
09ac ATKOSD2.exe 1 22 14 below normal C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
09b8 PCMAV.exe 1 225 115 below normal C:\PC MAV 9.9.1
09c0 HeciServer.exe 0 0 0 normal
09d8 jhi_service.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
0a08 ARCGIS.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
0a18 SMSvcHost.exe 0 0 0 normal
0a28 AsusTPLoader.exe 1 15 7 below normal
0a44 QuickGesture64.exe 1 14 6 above normal
0a58 QuickGesture.exe 1 14 6 above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
0a9c NitroPDFDriverService9x64.exe 0 0 0 normal
0acc NLSSRV32.EXE 0 0 0 normal C:\Windows\SysWOW64
0af0 svchost.exe 0 0 0 normal
0b84 avshadow.exe 0 0 0 normal
0960 FNPLicensingService.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher
0c08 svchost.exe 0 0 0 normal
0da0 AsusTPCenter.exe 1 78 35 below normal
0ec4 AsusTPHelper.exe 1 15 7 below normal
0eec SearchIndexer.exe 0 0 0 normal
0f9c RTPshell.exe 1 32 28 normal c:\pc mav 9.9.1
0e08 RAVCpl64.exe 1 54 20 normal
0e2c hkcmd.exe 1 9 17 normal
0e9c igfxpers.exe 1 9 4 normal
0e70 IDMan.exe 1 89 65 normal C:\Program Files (x86)\Tonec
0ca0 USBSafelyRemove.exe 1 399 101 normal C:\Program Files (x86)\USB Safely Remove
0d30 IEMonitor.exe 1 18 16 normal C:\Program Files (x86)\Tonec
08fc HControlUser.exe 1 15 5 normal C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0900 PWRISOVM.EXE 1 18 8 normal C:\Program Files (x86)\PowerISO
0804 avgnt.exe 1 116 58 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0f6c DFX.exe 1 282 26 normal C:\Program Files (x86)\DFX
0e6c WSHelper.exe 1 63 50 normal C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
1058 svchost.exe 0 0 0 normal
1054 LMS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
1104 wmpnetwk.exe 0 0 0 normal
0b54 UNS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
06b8 firefox.exe 1 148 100 normal C:\Program Files (x86)\Mozilla Firefox
0930 afom.exe 1 20 20 normal C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\w69e7s4b.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components
1298 audiodg.exe 0 0 0
0cdc AIPS.exe 0 0 0 normal C:\Program Files (x86)\netcut\services
13ec plugin-container.exe 1 17 19 normal C:\Program Files (x86)\Mozilla Firefox
0f10 FlashPlayerPlugin_14_0_0_125.exe 1 9 8 normal C:\Windows\SysWOW64\Macromed\Flash
02ac FlashPlayerPlugin_14_0_0_125.exe 1 18 31 normal C:\Windows\SysWOW64\Macromed\Flash
1680 svchost.exe 0 0 0 normal
disassembling:
007ad404 public madCodeHook.LpcWorkerThread: ; function entry point
007ad404 push ebp
007ad405 mov ebp, esp
007ad407 add esp, -8
007ad40a push ebx
007ad40b push esi
007ad40c push edi
007ad40d mov ebx, [ebp+8]
007ad410 xor eax, eax
007ad412 mov [ebp-4], eax
007ad410
007ad415 loc_7ad415:
007ad415 push $ffffffff
007ad417 mov eax, [ebx+8]
007ad41a push eax
007ad41b call -$39bb94 ($41188c) ; Winapi.Windows.WaitForSingleObject
007ad41b
007ad420 test eax, eax
007ad422 jnz loc_7ad4b2
007ad422
007ad428 cmp dword ptr [ebx+$c], 0
007ad42c jz loc_7ad4b2
007ad42c
007ad432 mov eax, [ebx+$c]
007ad435 mov esi, [ebx+$c]
007ad438 add eax, [esi+$20]
007ad43b mov edi, eax
007ad43d mov eax, [esi+$14]
007ad440 push eax
007ad441 mov eax, [esi+$10]
007ad444 push eax
007ad445 > mov eax, [edi+4]
007ad448 push eax
007ad449 lea eax, [edi+$14]
007ad44c push eax
007ad44d mov eax, [esi+4]
007ad450 call -$3a4ded ($408668) ; System.@LStrToPChar
007ad450
007ad455 push eax
007ad456 call dword ptr [esi+8]
007ad456
007ad459 mov eax, [ebx+$c]
007ad45c cmp dword ptr [eax+$14], 0
007ad460 jz loc_7ad479
007ad460
007ad462 mov eax, [ebx+$c]
007ad465 mov eax, [eax+$1c]
007ad468 push eax
007ad469 call -$39bce2 ($41178c) ; Winapi.Windows.SetEvent
007ad469
007ad46e mov eax, [ebx+$c]
007ad471 add eax, $c
007ad474 call -$b1d ($7ac95c) ; madCodeHook.CloseIpcAnswer
007ad474
007ad479 loc_7ad479:
007ad479 call -$39bf32 ($41154c) ; Winapi.Windows.GetTickCount
007ad479
007ad47e mov [ebx+$10], eax
007ad481 mov eax, [ebx+$c]
007ad484 add eax, 4
007ad487 call -$3a5924 ($407b68) ; System.@LStrClr
007ad487
007ad48c mov eax, [ebx+$c]
007ad48f mov [ebp-8], eax
007ad492 xor eax, eax
007ad494 mov [ebx+$c], eax
007ad497 mov eax, [ebp-8]
007ad49a push eax
007ad49b call -$39be24 ($41167c) ; Winapi.Windows.LocalFree
007ad49b
007ad4a0 push 0
007ad4a2 push 1
007ad4a4 mov eax, [ebx+4]
007ad4a7 push eax
007ad4a8 call -$39bd61 ($41174c) ; Winapi.Windows.ReleaseSemaphore
007ad4a8
007ad4ad jmp loc_7ad415
007ad4ad
007ad4ad ; ---------------------------------------------------------
007ad4ad
007ad4b2 loc_7ad4b2:
007ad4b2 mov eax, [ebp-4]
007ad4b5 pop edi
007ad4b6 pop esi
007ad4b7 pop ebx
007ad4b8 pop ecx
007ad4b9 pop ecx
007ad4ba pop ebp
007ad4bb ret 4
date/time : 2014-07-25, 21:26:06, 748ms
computer name : ASUS-PC
user name : ASUS <admin>
registered owner : Microsoft / Microsoft
operating system : Windows 7 x64 build 7600
system language : Indonesian
system up time : 1 hour 5 minutes
program up time : 1 hour 4 minutes
processors : 4x Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
physical memory : 1151/1934 MB (free/total)
free disk space : (C:) 58,29 GB
display mode : 1366x768, 32 bit
process id : $a48
allocated memory : 53,32 MB
largest free block : 1,40 GB
command line : "C:\PC MAV 9.9.1\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2014-04-29 13:14
version : 9.9.3.0
compiled with : Delphi XE2
madExcept version : 4.0.8.1
callstack crc : $001615f8, $cac264f5, $4d226a46
count : 8
exception number : 2
exception class : EAccessViolation
exception message : Access violation at address 007AD45C in module 'PCMAV.exe'.
Read of address 00000014.
thread $1084:
007ad45c +058 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
main thread ($a4c):
769a4386 +00e USER32.dll WaitMessage
005ba0fd +149 PCMAV.exe Vcl.Forms TApplication.Idle
005b9323 +017 PCMAV.exe Vcl.Forms TApplication.HandleMessage
005b9649 +0c9 PCMAV.exe Vcl.Forms TApplication.Run
0087c404 +19c PCMAV.exe PCMAV 152 +54 initialization
74d73675 +010 kernel32.dll BaseThreadInitThunk
thread $ac8:
76fb00f6 +0e ntdll.dll NtWaitForMultipleObjects
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $bf0:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $bfc (TWorkerThread):
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
0068b0d1 +19 PCMAV.exe VirtualTrees 6173 +3 TWorkerThread.Execute
004cc8cb +2b PCMAV.exe madExcept HookedTThreadExecute
00486faa +42 PCMAV.exe System.Classes ThreadProc
004079f0 +28 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
0068afc6 +16 PCMAV.exe VirtualTrees 6116 +1 TWorkerThread.Create
thread $d58:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
005edc6b +2f PCMAV.exe MPThreadManager 898 +4 TCommonEventThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $d74:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
006c6829 +4d PCMAV.exe VirtualShellNotifier 2272 +9 TVirtualChangeDispatchThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $d78:
76997eb8 +26 USER32.dll GetMessageW
006c5bef +bb PCMAV.exe VirtualShellNotifier 1930 +15 TVirtualShellChangeThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $f64:
76faf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $f68: <priority:1>
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $f7c:
76faf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $f80: <priority:1>
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($a4c) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $fa0 (TWndProc): <suspended>
007803b9 +d PCMAV.exe UnitWndProc 36 +1 TWndProc.Execute
thread $f08:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $bf4 at:
70b5325b +00 rasman.dll
thread $129c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $167c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $aec:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $13c4:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $a2c: <priority:1>
76faf8f2 +0e ntdll.dll NtRemoveIoCompletion
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $174c at:
6e79c3df +00 mswsock.dll
thread $10c8:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $cb8:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $1500:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $790:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $714:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $10dc:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $f2c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $15e8:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $16ec:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $14dc:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $16a0:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $f68 at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
processes:
0000 Idle 0 0 0
0004 System 0 0 0
01c4 smss.exe 0 0 0 normal
028c csrss.exe 0 0 0 normal
0348 wininit.exe 0 0 0 high
035c csrss.exe 1 174 80 normal
0388 services.exe 0 0 0 normal
0398 lsass.exe 0 0 0 normal
03b8 winlogon.exe 1 6 0 high
03d4 lsm.exe 0 0 0 normal
01f4 svchost.exe 0 0 0 normal
02d0 USBSRService.exe 0 0 0 normal
02f4 nvvsvc.exe 0 0 0 normal
0314 svchost.exe 0 0 0 normal
0418 svchost.exe 0 0 0 normal
0440 svchost.exe 0 0 0 normal
045c svchost.exe 0 0 0 normal
04b0 audiodg.exe 0 0 0
04f4 svchost.exe 0 0 0 normal
057c nvxdsync.exe 1 35 12 normal
0584 nvvsvc.exe 1 23 9 normal
058c AIPS.exe 0 0 0 normal C:\Program Files (x86)\netcut\services
05cc 360rps.exe 0 0 0 normal
05ec QHActiveDefense.exe 0 0 0 normal C:\Program Files\360\360 Internet Security\deepscan
0620 svchost.exe 0 0 0 normal
0724 spoolsv.exe 0 0 0 normal
0758 sched.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
07d8 dwm.exe 1 18 2 high
07ec svchost.exe 0 0 0 normal
0634 taskhost.exe 1 66 31 normal
087c explorer.exe 1 1111 549 normal
0964 avguard.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
097c lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09a4 conhost.exe 0 0 0 normal
09b4 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09c4 taskeng.exe 1 12 3 normal
09fc taskeng.exe 1 12 3 normal
0a0c ABService.exe 0 0 0 normal C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
0a24 ATKOSD2.exe 1 22 14 below normal C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
0a48 PCMAV.exe 1 227 114 below normal C:\PC MAV 9.9.1
0a60 AsusTPLoader.exe 1 15 7 below normal
0a78 QuickGesture64.exe 1 14 6 above normal
0a88 QuickGesture.exe 1 14 6 above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
0b10 hkcmd.exe 1 17 17 normal
0b68 igfxpers.exe 1 12 4 normal
0ba4 ClassicStartMenu.exe 1 9 4 normal
0bc0 IDMan.exe 1 92 65 normal C:\Program Files (x86)\Tonec
0bd8 USBSafelyRemove.exe 1 358 82 normal C:\Program Files (x86)\USB Safely Remove
0be0 360sd.exe 1 400 255 normal
08b4 ARCGIS.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09bc HControlUser.exe 1 18 5 normal C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
07a0 PWRISOVM.EXE 1 18 8 normal C:\Program Files (x86)\PowerISO
0c28 avgnt.exe 1 79 52 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0c34 WSHelper.exe 1 63 50 normal C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
0c6c HeciServer.exe 0 0 0 normal
0c8c jhi_service.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
0ca8 SMSvcHost.exe 0 0 0 normal
0cbc DFX.exe 1 545 31 normal C:\Program Files (x86)\DFX
0ddc 360rp.exe 1 9 2 normal
0e28 360tray.exe 1 206 68 normal C:\Program Files\360\360 Internet Security\safemon
0fa8 RTPshell.exe 1 34 30 normal c:\pc mav 9.9.1
0fd8 NitroPDFDriverService9x64.exe 0 0 0 normal
0a14 NLSSRV32.EXE 0 0 0 normal C:\Windows\SysWOW64
07d0 svchost.exe 0 0 0 normal
0e34 RAVCpl64.exe 1 54 20 below normal
0e8c RAVBg64.exe 1 17 17 below normal
10fc WmiPrvSE.exe 0 0 0 normal
1150 AsusTPCenter.exe 1 78 35 below normal
1204 avshadow.exe 0 0 0 normal
12dc SearchIndexer.exe 0 0 0 normal
0d90 FNPLicensingService.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher
0b3c svchost.exe 0 0 0 normal
155c AsusTPHelper.exe 1 15 7 below normal
11b4 LMS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
0fa4 wmpnetwk.exe 0 0 0 normal
15b8 UNS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
1664 svchost.exe 0 0 0 normal
16e0 IEMonitor.exe 1 20 16 normal C:\Program Files (x86)\Tonec
1738 AIMP3.exe 1 284 92 normal C:\Program Files (x86)\AIMP3
1550 WarKey.exe 1 219 163 normal D:
1198 dinotify.exe 1 64 20 normal
17d0 WmiPrvSE.exe 0 0 0 normal
1700 WUDFHost.exe 0 0 0 normal
disassembling:
007ad404 public madCodeHook.LpcWorkerThread: ; function entry point
007ad404 push ebp
007ad405 mov ebp, esp
007ad407 add esp, -8
007ad40a push ebx
007ad40b push esi
007ad40c push edi
007ad40d mov ebx, [ebp+8]
007ad410 xor eax, eax
007ad412 mov [ebp-4], eax
007ad410
007ad415 loc_7ad415:
007ad415 push $ffffffff
007ad417 mov eax, [ebx+8]
007ad41a push eax
007ad41b call -$39bb94 ($41188c) ; Winapi.Windows.WaitForSingleObject
007ad41b
007ad420 test eax, eax
007ad422 jnz loc_7ad4b2
007ad422
007ad428 cmp dword ptr [ebx+$c], 0
007ad42c jz loc_7ad4b2
007ad42c
007ad432 mov eax, [ebx+$c]
007ad435 mov esi, [ebx+$c]
007ad438 add eax, [esi+$20]
007ad43b mov edi, eax
007ad43d mov eax, [esi+$14]
007ad440 push eax
007ad441 mov eax, [esi+$10]
007ad444 push eax
007ad445 mov eax, [edi+4]
007ad448 push eax
007ad449 lea eax, [edi+$14]
007ad44c push eax
007ad44d mov eax, [esi+4]
007ad450 call -$3a4ded ($408668) ; System.@LStrToPChar
007ad450
007ad455 push eax
007ad456 call dword ptr [esi+8]
007ad456
007ad459 mov eax, [ebx+$c]
007ad45c > cmp dword ptr [eax+$14], 0
007ad460 jz loc_7ad479
007ad460
007ad462 mov eax, [ebx+$c]
007ad465 mov eax, [eax+$1c]
007ad468 push eax
007ad469 call -$39bce2 ($41178c) ; Winapi.Windows.SetEvent
007ad469
007ad46e mov eax, [ebx+$c]
007ad471 add eax, $c
007ad474 call -$b1d ($7ac95c) ; madCodeHook.CloseIpcAnswer
007ad474
007ad479 loc_7ad479:
007ad479 call -$39bf32 ($41154c) ; Winapi.Windows.GetTickCount
007ad479
007ad47e mov [ebx+$10], eax
007ad481 mov eax, [ebx+$c]
007ad484 add eax, 4
007ad487 call -$3a5924 ($407b68) ; System.@LStrClr
007ad487
007ad48c mov eax, [ebx+$c]
007ad48f mov [ebp-8], eax
007ad492 xor eax, eax
007ad494 mov [ebx+$c], eax
007ad497 mov eax, [ebp-8]
007ad49a push eax
007ad49b call -$39be24 ($41167c) ; Winapi.Windows.LocalFree
007ad49b
007ad4a0 push 0
007ad4a2 push 1
007ad4a4 mov eax, [ebx+4]
007ad4a7 push eax
007ad4a8 call -$39bd61 ($41174c) ; Winapi.Windows.ReleaseSemaphore
007ad4a8
007ad4ad jmp loc_7ad415
007ad4ad
007ad4ad ; ---------------------------------------------------------
007ad4ad
007ad4b2 loc_7ad4b2:
007ad4b2 mov eax, [ebp-4]
007ad4b5 pop edi
007ad4b6 pop esi
007ad4b7 pop ebx
007ad4b8 pop ecx
007ad4b9 pop ecx
007ad4ba pop ebp
007ad4bb ret 4
date/time : 2014-07-25, 23:38:54, 250ms
computer name : ASUS-PC
user name : ASUS <admin>
registered owner : Microsoft / Microsoft
operating system : Windows 7 x64 build 7600
system language : Indonesian
system up time : 3 hours 17 minutes
program up time : 2 hours 12 minutes
processors : 4x Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
physical memory : 714/1934 MB (free/total)
free disk space : (C:) 58,28 GB
display mode : 1366x768, 32 bit
process id : $ef8
allocated memory : 52,30 MB
largest free block : 1,41 GB
command line : "C:\PC MAV 9.9.1\PCMAV.exe" /RTP
executable : PCMAV.exe
exec. date/time : 2014-04-29 13:14
version : 9.9.3.0
compiled with : Delphi XE2
madExcept version : 4.0.8.1
callstack crc : $00000008, $a0cc6c06, $96f01272
count : 2
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 00000008. Read of address 00000008.
thread $be8:
00000008 +000 ???
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
main thread ($1008):
769a4386 +00e USER32.dll WaitMessage
005ba0fd +149 PCMAV.exe Vcl.Forms TApplication.Idle
005b9323 +017 PCMAV.exe Vcl.Forms TApplication.HandleMessage
005b9649 +0c9 PCMAV.exe Vcl.Forms TApplication.Run
0087c404 +19c PCMAV.exe PCMAV 152 +54 initialization
74d73675 +010 kernel32.dll BaseThreadInitThunk
thread $7f8:
76fb00f6 +0e ntdll.dll NtWaitForMultipleObjects
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $14ac (TWorkerThread):
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
0068b0d1 +19 PCMAV.exe VirtualTrees 6173 +3 TWorkerThread.Execute
004cc8cb +2b PCMAV.exe madExcept HookedTThreadExecute
00486faa +42 PCMAV.exe System.Classes ThreadProc
004079f0 +28 PCMAV.exe System 207 +0 ThreadWrapper
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
0068afc6 +16 PCMAV.exe VirtualTrees 6116 +1 TWorkerThread.Create
thread $1424:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
005edc6b +2f PCMAV.exe MPThreadManager 898 +4 TCommonEventThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $760:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
74d71133 +0d kernel32.dll WaitForSingleObject
006c6829 +4d PCMAV.exe VirtualShellNotifier 2272 +9 TVirtualChangeDispatchThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $1794:
76997eb8 +26 USER32.dll GetMessageW
006c5bef +bb PCMAV.exe VirtualShellNotifier 1930 +15 TVirtualShellChangeThread.Execute
005ed82e +36 PCMAV.exe MPThreadManager 676 +22 TCommonThread.ExecuteStub
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
005ed575 +6d PCMAV.exe MPThreadManager 615 +12 TCommonThread.Create
thread $12f0:
76faf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $162c: <priority:1>
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $1380:
76faf927 +00b ntdll.dll NtReplyWaitReceivePort
007ad84c +030 PCMAV.exe madCodeHook LpcPortThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
007add24 +270 PCMAV.exe madCodeHook CreateLpcQueue
thread $68c: <priority:1>
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad4d2 +012 PCMAV.exe madCodeHook LpcDispatchThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by main thread ($1008) at:
007add45 +291 PCMAV.exe madCodeHook CreateLpcQueue
thread $139c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $68c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $1460 (TWndProc): <suspended>
007803b9 +d PCMAV.exe UnitWndProc 36 +1 TWndProc.Execute
thread $37c:
76faf86a +0e ntdll.dll NtWaitForSingleObject
76050810 +92 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +3e kernel32.dll WaitForSingleObjectEx
004cc7ad +0d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +37 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $dc8 at:
70b5325b +00 rasman.dll
thread $b30:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $13c8:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $1d4:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $131c:
76fb1edf +0b ntdll.dll NtWaitForWorkViaWorkerFactory
74d73675 +10 kernel32.dll BaseThreadInitThunk
thread $adc:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $1dc:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $40c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $f68:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $15a0:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $a34:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $a2c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $d8c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $137c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $d70:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $1628:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $b5c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $1294:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $174c:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
thread $17f4:
76faf86a +00e ntdll.dll NtWaitForSingleObject
76050810 +092 KERNELBASE.dll WaitForSingleObjectEx
74d7117f +03e kernel32.dll WaitForSingleObjectEx
74d71133 +00d kernel32.dll WaitForSingleObject
007ad41b +017 PCMAV.exe madCodeHook LpcWorkerThread
004cc7ad +00d PCMAV.exe madExcept CallThreadProcSafe
004cc817 +037 PCMAV.exe madExcept ThreadExceptFrame
74d73675 +010 kernel32.dll BaseThreadInitThunk
>> created by thread $162c at:
007ad633 +173 PCMAV.exe madCodeHook LpcDispatchThread
processes:
0000 Idle 0 0 0
0004 System 0 0 0
01c4 smss.exe 0 0 0 normal
028c csrss.exe 0 0 0 normal
0348 wininit.exe 0 0 0 high
035c csrss.exe 1 174 80 normal
0388 services.exe 0 0 0 normal
0398 lsass.exe 0 0 0 normal
03b8 winlogon.exe 1 6 0 high
03d4 lsm.exe 0 0 0 normal
01f4 svchost.exe 0 0 0 normal
02d0 USBSRService.exe 0 0 0 normal
02f4 nvvsvc.exe 0 0 0 normal
0314 svchost.exe 0 0 0 normal
0418 svchost.exe 0 0 0 normal
0440 svchost.exe 0 0 0 normal
045c svchost.exe 0 0 0 normal
04b0 audiodg.exe 0 0 0
04f4 svchost.exe 0 0 0 normal
057c nvxdsync.exe 1 35 12 normal
0584 nvvsvc.exe 1 23 9 normal
058c AIPS.exe 0 0 0 normal C:\Program Files (x86)\netcut\services
05cc 360rps.exe 0 0 0 normal
05ec QHActiveDefense.exe 0 0 0 normal C:\Program Files\360\360 Internet Security\deepscan
0620 svchost.exe 0 0 0 normal
0724 spoolsv.exe 0 0 0 normal
0758 sched.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
07d8 dwm.exe 1 17 2 high
07ec svchost.exe 0 0 0 normal
0634 taskhost.exe 1 102 44 normal
087c explorer.exe 1 1274 574 normal
0964 avguard.exe 0 0 0 normal C:\Program Files (x86)\Avira\AntiVir Desktop
097c lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09a4 conhost.exe 0 0 0 normal
09b4 lmgrd.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09c4 taskeng.exe 1 12 3 normal
0a0c ABService.exe 0 0 0 normal C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
0a24 ATKOSD2.exe 1 22 14 below normal C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
0a60 AsusTPLoader.exe 1 15 7 below normal
0a78 QuickGesture64.exe 1 14 6 above normal
0a88 QuickGesture.exe 1 14 6 above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
0b10 hkcmd.exe 1 17 17 normal
0b68 igfxpers.exe 1 12 4 normal
0ba4 ClassicStartMenu.exe 1 9 4 normal
0bc0 IDMan.exe 1 92 65 normal C:\Program Files (x86)\Tonec
0bd8 USBSafelyRemove.exe 1 358 82 normal C:\Program Files (x86)\USB Safely Remove
0be0 360sd.exe 1 400 255 normal
08b4 ARCGIS.exe 0 0 0 normal C:\Program Files (x86)\ArcGIS\License10.1\bin
09bc HControlUser.exe 1 18 5 normal C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
07a0 PWRISOVM.EXE 1 18 8 normal C:\Program Files (x86)\PowerISO
0c28 avgnt.exe 1 79 52 normal C:\Program Files (x86)\Avira\AntiVir Desktop
0c34 WSHelper.exe 1 63 50 normal C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact
0c6c HeciServer.exe 0 0 0 normal
0c8c jhi_service.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
0ca8 SMSvcHost.exe 0 0 0 normal
0cbc DFX.exe 1 545 31 normal C:\Program Files (x86)\DFX
0ddc 360rp.exe 1 9 2 normal
0e28 360tray.exe 1 206 68 normal C:\Program Files\360\360 Internet Security\safemon
0fa8 RTPshell.exe 1 34 29 normal c:\pc mav 9.9.1
0fd8 NitroPDFDriverService9x64.exe 0 0 0 normal
0a14 NLSSRV32.EXE 0 0 0 normal C:\Windows\SysWOW64
07d0 svchost.exe 0 0 0 normal
0e34 RAVCpl64.exe 1 54 20 below normal
0e8c RAVBg64.exe 1 17 17 below normal
10fc WmiPrvSE.exe 0 0 0 normal
1150 AsusTPCenter.exe 1 78 35 below normal
1204 avshadow.exe 0 0 0 normal
12dc SearchIndexer.exe 0 0 0 normal
0d90 FNPLicensingService.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher
0b3c svchost.exe 0 0 0 normal
155c AsusTPHelper.exe 1 15 7 below normal
11b4 LMS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS
0fa4 wmpnetwk.exe 0 0 0 normal
15b8 UNS.exe 0 0 0 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS
1664 svchost.exe 0 0 0 normal
16e0 IEMonitor.exe 1 20 16 normal C:\Program Files (x86)\Tonec
1738 AIMP3.exe 1 289 93 normal C:\Program Files (x86)\AIMP3
1550 WarKey.exe 1 219 163 normal D:
1198 dinotify.exe 1 64 20 normal
1700 WUDFHost.exe 0 0 0 normal
0ef8 PCMAV.exe 1 228 115 below normal C:\PC MAV 9.9.1
0efc ArcGISCacheMgr.exe 1 9 5 normal C:\Program Files (x86)\Common Files\ArcGIS\bin
12f8 splwow64.exe 1 4 3 normal
0ec0 PresentationFontCache.exe 0 0 0 normal
0f1c firefox.exe 1 37 50 normal C:\Program Files (x86)\Mozilla Firefox
14a0 plugin-container.exe 1 9 14 normal C:\Program Files (x86)\Mozilla Firefox
16c8 afom.exe 1 20 20 normal C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\w69e7s4b.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components
0d78 ArcMap.exe 1 1053 315 normal C:\Program Files (x86)\ArcGIS\Desktop10.1\bin
0f70 ArcGISConnection.exe 1 18 8 normal C:\Program Files (x86)\Common Files\ArcGIS\bin
15d0 SearchProtocolHost.exe 0 0 0 idle
0a9c SearchFilterHost.exe 0 0 0 idle
0768 AppROT.exe 1 9 7 normal C:\Program Files (x86)\ArcGIS\Desktop10.1\bin
