date/time         : 2015-09-24, 15:29:39, 270ms
computer name     : MFL-PC
user name         : MFL <admin>
registered owner  : MFL
operating system  : Windows 7 Service Pack 1 build 7601
system language   : Thai
system up time    : 2 hours 5 minutes
program up time   : 32 seconds
processors        : 2x Intel(R) Celeron(R) CPU B820 @ 1.70GHz
physical memory   : 789/1986 MB (free/total)
free disk space   : (C:) 36.91 GB
display mode      : 1366x768, 32 bit
process id        : $4f0
allocated memory  : 94.10 MB
executable        : dpLMSPlayer.exe
exec. date/time   : 2012-08-20 15:12
version           : 14.0.0.31
compiled with     : Delphi 2007
madExcept version : 3.0e
callstack crc     : $dd9efce3, $347662b7, $e4a22635
exception number  : 1
exception class   : ERecognizer
exception message : Pronunciation for 'reduced' unknown.

main thread ($b90):
00806683 +037 dpLMSPlayer.exe Recognizer    751   +6 ShowError
008066fb +053 dpLMSPlayer.exe Recognizer    757   +1 ShowErrorFormatted
00811e81 +145 dpLMSPlayer.exe Recognizer   4638  +19 AddWordFromApplication
008123ea +072 dpLMSPlayer.exe Recognizer   4791  +12 DictionaryAddWordAndSymbol
0080e0c2 +0aa dpLMSPlayer.exe Recognizer   2687  +17 TNetwork.AddNode
0080e66a +0ea dpLMSPlayer.exe Recognizer   2813  +16 TNetwork.AddSubSentence
0080e483 +07b dpLMSPlayer.exe Recognizer   2766   +3 TNetwork.AddSentence
0080ff19 +09d dpLMSPlayer.exe Recognizer   3505   +6 TVoicePilot.AddCommand
0081d70b +09b dpLMSPlayer.exe RecogIF      1452  +13 TRecognizer.ApplyCommandsCB
0080ccbc +03c dpLMSPlayer.exe Recognizer   2049   +7 TRecognizerThread.DoApplyNewNetwork
00479729 +0fd dpLMSPlayer.exe Classes                CheckSynchronize
004bf7d5 +6bd dpLMSPlayer.exe Forms        7831 +144 TApplication.WndProc
0047b6cc +014 dpLMSPlayer.exe Classes                StdWndProc
75b03573 +00a USER32.dll                             DispatchMessageA
004c01a6 +136 dpLMSPlayer.exe Forms        8105  +23 TApplication.ProcessMessage
004c01eb +00f dpLMSPlayer.exe Forms        8124   +1 TApplication.HandleMessage
004c0573 +0c3 dpLMSPlayer.exe Forms        8223  +20 TApplication.Run
009457d9 +779 dpLMSPlayer.exe OnlinePlayer  245 +141 initialization
770e3c43 +010 kernel32.dll                           BaseThreadInitThunk

thread $d84:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a02 +0a ntdll.dll       NtWaitForMultipleObjects
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $73c:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a32 +0a ntdll.dll       NtWaitForWorkViaWorkerFactory
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $f4c:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a32 +0a ntdll.dll       NtWaitForWorkViaWorkerFactory
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $928:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a32 +0a ntdll.dll       NtWaitForWorkViaWorkerFactory
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $540:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a32 +0a ntdll.dll       NtWaitForWorkViaWorkerFactory
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $690:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b57d2 +0a ntdll.dll       NtDelayExecution
75341870 +4f KERNELBASE.dll  SleepEx
75341813 +0a KERNELBASE.dll  Sleep
00450b01 +0d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +37 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +10 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
7567da8e +00 ole32.dll

thread $f30 (TKeepAliveThread):
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a22 +0a ntdll.dll       NtWaitForSingleObject
75341796 +66 KERNELBASE.dll  WaitForSingleObjectEx
770dbaee +3e kernel32.dll    WaitForSingleObjectEx
770dba9d +0d kernel32.dll    WaitForSingleObject
00491ce0 +4c dpLMSPlayer.exe SyncObjs THandleObject.WaitFor
0079dda8 +90 dpLMSPlayer.exe dpLMSClientData 456 +14 TKeepAliveThread.Execute
00450c1f +2b dpLMSPlayer.exe madExcept HookedTThreadExecute
00479838 +34 dpLMSPlayer.exe Classes ThreadProc
00405690 +28 dpLMSPlayer.exe System 173 +0 ThreadWrapper
00450b01 +0d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +37 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +10 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
0079df6b +4f dpLMSPlayer.exe dpLMSClientData 504 +6 TKeepAliveThread.Create

thread $718:
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6922 +0a ntdll.dll       NtTraceControl
7718f500 +40 ntdll.dll       EtwpNotificationThread
770e3c43 +10 kernel32.dll    BaseThreadInitThunk

thread $ecc (TWaveInCBThread):
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a22 +0a ntdll.dll       NtWaitForSingleObject
75341796 +66 KERNELBASE.dll  WaitForSingleObjectEx
770dbaee +3e kernel32.dll    WaitForSingleObjectEx
770dba9d +0d kernel32.dll    WaitForSingleObject
0080b3d6 +16 dpLMSPlayer.exe Recognizer 1177 +4 TWaveInCBThread.Execute
00450c1f +2b dpLMSPlayer.exe madExcept HookedTThreadExecute
00479838 +34 dpLMSPlayer.exe Classes ThreadProc
00405690 +28 dpLMSPlayer.exe System 173 +0 ThreadWrapper
00450b01 +0d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +37 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +10 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
0080b367 +1f dpLMSPlayer.exe Recognizer 1165 +1 TWaveInCBThread.Create

thread $b0 (TWorkerThread):
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a22 +0a ntdll.dll       NtWaitForSingleObject
75341796 +66 KERNELBASE.dll  WaitForSingleObjectEx
770dbaee +3e kernel32.dll    WaitForSingleObjectEx
770dba9d +0d kernel32.dll    WaitForSingleObject
006f58b6 +16 dpLMSPlayer.exe VirtualTrees 4499 +3 TWorkerThread.Execute
00450c1f +2b dpLMSPlayer.exe madExcept HookedTThreadExecute
00479838 +34 dpLMSPlayer.exe Classes ThreadProc
00405690 +28 dpLMSPlayer.exe System 173 +0 ThreadWrapper
00450b01 +0d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +37 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +10 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
006f582b +23 dpLMSPlayer.exe VirtualTrees 4477 +1 TWorkerThread.Create

thread $ed4: <priority:15>
771b70b4 +00 ntdll.dll       KiFastSystemCallRet
771b6a02 +0a ntdll.dll       NtWaitForMultipleObjects
00450b01 +0d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +37 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +10 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
6edfa89c +00 winmm.dll

thread $dbc (TRecognizerThread): <priority:-1>
771b70b4 +000 ntdll.dll       KiFastSystemCallRet
771b6a22 +00a ntdll.dll       NtWaitForSingleObject
75341796 +066 KERNELBASE.dll  WaitForSingleObjectEx
770dbaee +03e kernel32.dll    WaitForSingleObjectEx
770dba9d +00d kernel32.dll    WaitForSingleObject
00479cb7 +113 dpLMSPlayer.exe Classes TThread.Synchronize
00479d5e +01e dpLMSPlayer.exe Classes TThread.Synchronize
0080ce3e +15e dpLMSPlayer.exe Recognizer 2091 +33 TRecognizerThread.Execute
00450c1f +02b dpLMSPlayer.exe madExcept HookedTThreadExecute
00479838 +034 dpLMSPlayer.exe Classes ThreadProc
00405690 +028 dpLMSPlayer.exe System 173 +0 ThreadWrapper
00450b01 +00d dpLMSPlayer.exe madExcept CallThreadProcSafe
00450b6b +037 dpLMSPlayer.exe madExcept ThreadExceptFrame
770e3c43 +010 kernel32.dll    BaseThreadInitThunk
>> created by main thread ($b90) at:
0080d2f9 +029 dpLMSPlayer.exe Recognizer 2251 +1 TRecognizerThread.Create

hardware:
+ Batteries
- Microsoft AC Adapter
- Microsoft ACPI-Compliant Control Method Battery
- Microsoft Composite Battery
+ Bluetooth Radios
- Generic Bluetooth Adapter
- Microsoft Bluetooth Enumerator
+ Computer
- ACPI x86-based PC
+ Disk drives
- ATA ST320LT020-9YG14 SCSI Disk Device
+ Display adapters
- Intel(R) HD Graphics (driver 9.17.10.2932)
+ DVD/CD-ROM drives
- MATSHITA DVD-RAM UJ8B1AS SCSI CdRom Device
+ IDE ATA/ATAPI controllers
- Intel(R) Mobile Express Chipset SATA AHCI Controller (driver 11.5.4.1001)
+ Imaging devices
- Lenovo EasyCamera (driver 13.10.1201.1)
+ Intel(R) Centrino(R) WiMAX adapters
- Intel(R) Centrino(R) WiMAX Enumerator (driver 6.2.1007.26)
+ Keyboards
- Standard PS/2 Keyboard
+ Mice and other pointing devices
- Synaptics PS/2 Port TouchPad (driver 15.3.0.0)
+ Monitors
- Generic PnP Monitor
+ Network adapters
- Bluetooth Device (Personal Area Network)
- Broadcom 802.11n Network Adapter (driver 6.30.223.228)
- Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) (driver 2.1.0.12)
+ Processors
- Intel(R) Celeron(R) CPU B820 @ 1.70GHz
- Intel(R) Celeron(R) CPU B820 @ 1.70GHz
+ Sound, video and game controllers
- Conexant SmartAudio HD (driver 8.54.4.50)
- Intel(R) Display Audio (driver 6.14.0.3097)
+ Storage volume shadow copies
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
- Generic volume shadow copy
+ System devices
- 2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104 (driver 9.2.0.1026)
- ACPI Fan
- ACPI Fan
- ACPI Fixed Feature Button
- ACPI Lid
- ACPI Power Button
- ACPI Sleep Button
- ACPI Thermal Zone
- Composite Bus Enumerator
- Direct memory access controller
- File as Volume Driver
- High Definition Audio Controller
- High precision event timer
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 (driver 9.2.0.1016)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 (driver 9.2.0.1016)
- Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 (driver 9.2.0.1011)
- Intel(R) 82802 Firmware Hub Device
- Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 (driver 9.2.0.1016)
- Intel(R) Management Engine Interface (driver 8.1.10.1275)
- Lenovo ACPI-Compliant Virtual Power Controller (driver 7.0.0.1)
- Microsoft ACPI-Compliant Embedded Controller
- Microsoft ACPI-Compliant System
- Microsoft System Management BIOS Driver
- Microsoft Virtual Drive Enumerator Driver
- Microsoft Watchdog Timer
- Motherboard resources
- Motherboard resources
- Motherboard resources
- Motherboard resources
- Numeric data processor
- PCI bus (driver 1.0.7.248)
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- Remote Desktop Device Redirector Bus
- System board
- System CMOS/real time clock
- System timer
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- UMBus Enumerator
- UMBus Root Bus Enumerator
- Volume Manager
+ Universal Serial Bus controllers
- Generic USB Hub
- Generic USB Hub
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller 1C26 (driver 9.2.0.1021)
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller 1C2D (driver 9.2.0.1021)
- Realtek USB 2.0 Card Reader (driver 6.2.8400.39034)
- USB Composite Device
- USB Root Hub
- USB Root Hub
modules:
00400000 dpLMSPlayer.exe        14.0.0.31          C:\Users\MFL\Desktop
22200000 eplgHooks.dll          4.0.474.10         C:\Program Files\ESET\ESET NOD32 Antivirus
629d0000 DDRAW.dll              6.1.7600.16385     C:\Windows\system32
63250000 hhctrl.ocx             6.1.7600.16385     C:\Windows\system32
647b0000 igdumd32.dll           9.17.10.2932       C:\Windows\system32
6a7f0000 wshbth.dll             6.1.7601.17514     C:\Windows\system32
6a800000 winrnr.dll             6.1.7600.16385     C:\Windows\System32
6a810000 pnrpnsp.dll            6.1.7600.16385     C:\Windows\system32
6a830000 napinsp.dll            6.1.7600.16385     C:\Windows\system32
6b720000 MSVFW32.DLL            6.1.7601.17514     C:\Windows\system32
6ed90000 winspool.drv           6.1.7601.17514     C:\Windows\system32
6edf0000 winmm.dll              6.1.7601.17514     C:\Windows\system32
6f070000 olepro32.dll           6.1.7601.17514     C:\Windows\system32
701a0000 IconCodecService.dll   6.1.7600.16385     C:\Windows\system32
70300000 ntshrui.dll            6.1.7601.17514     C:\Windows\system32
70370000 CSCAPI.dll             6.1.7601.17514     C:\Windows\system32
70380000 GrooveIntlResource.dll 14.0.4761.1000     C:\PROGRA~1\MICROS~2\Office14\1054
70c80000 office.odf             14.0.4738.1000     C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures
711f0000 GROOVEEX.DLL           14.0.4761.1000     C:\PROGRA~1\MICROS~2\Office14
71630000 CSCDLL.dll             6.1.7601.17514     C:\Windows\System32
71640000 cscui.dll              6.1.7601.17514     C:\Windows\System32
71740000 ATL90.DLL              9.0.30729.4148     C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806
71770000 MSVCP90.dll            9.0.30729.4940     C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742
71800000 MSVCR90.dll            9.0.30729.4940     C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742
71ab0000 EhStorShell.dll        6.1.7600.16385     C:\Windows\system32
71ca0000 mpr.dll                6.1.7600.16385     C:\Windows\system32
721d0000 wsock32.dll            6.1.7600.16385     C:\Windows\system32
72230000 midimap.dll            6.1.7600.16385     C:\Windows\system32
72240000 msacm32.dll            6.1.7600.16385     C:\Windows\system32
72260000 msacm32.drv            6.1.7600.16385     C:\Windows\system32
72320000 AUDIOSES.DLL           6.1.7601.17514     C:\Windows\system32
72360000 DCIMAN32.DLL           6.1.7600.16385     C:\Windows\system32
72720000 rasadhlp.dll           6.1.7600.16385     C:\Windows\system32
732b0000 fwpuclnt.dll           6.1.7601.17514     C:\Windows\System32
733f0000 WINNSI.DLL             6.1.7600.16385     C:\Windows\system32
73400000 IPHLPAPI.DLL           6.1.7601.17514     C:\Windows\system32
73580000 slc.dll                6.1.7600.16385     C:\Windows\system32
736b0000 NLAapi.dll             6.1.7601.17514     C:\Windows\system32
73a50000 wdmaud.drv             6.1.7601.17514     C:\Windows\system32
73b30000 ksuser.dll             6.1.7600.16385     C:\Windows\system32
73b40000 msimg32.dll            6.1.7600.16385     C:\Windows\system32
73b50000 AVRT.dll               6.1.7600.16385     C:\Windows\system32
73b60000 WindowsCodecs.dll      6.1.7601.17514     C:\Windows\system32
73c60000 ntmarta.dll            6.1.7600.16385     C:\Windows\system32
73cc0000 dwmapi.dll             6.1.7600.16385     C:\Windows\system32
73fb0000 uxtheme.dll            6.1.7600.16385     C:\Windows\system32
73ff0000 PROPSYS.dll            7.0.7601.17514     C:\Windows\system32
74130000 comctl32.dll           6.10.7601.17514    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
743f0000 MMDevAPI.DLL           6.1.7601.17514     C:\Windows\system32
747c0000 version.dll            6.1.7600.16385     C:\Windows\system32
74850000 wshtcpip.dll           6.1.7600.16385     C:\Windows\System32
749e0000 credssp.dll            6.1.7601.17514     C:\Windows\system32
74ae0000 rsaenh.dll             6.1.7600.16385     C:\Windows\system32
74bc0000 DNSAPI.dll             6.1.7601.17514     C:\Windows\system32
74ca0000 msv1_0.DLL             6.1.7601.17514     C:\Windows\system32
74d00000 mswsock.dll            6.1.7601.17514     C:\Windows\System32
74d40000 CRYPTSP.dll            6.1.7600.16385     C:\Windows\system32
74f40000 cryptdll.dll           6.1.7600.16385     C:\Windows\system32
75100000 srvcli.dll             6.1.7601.17514     C:\Windows\system32
75170000 secur32.dll            6.1.7601.17514     C:\Windows\system32
751a0000 SspiCli.dll            6.1.7601.17514     C:\Windows\system32
751c0000 apphelp.dll            6.1.7601.17514     C:\Windows\system32
75210000 CRYPTBASE.dll          6.1.7600.16385     C:\Windows\system32
752b0000 RpcRtRemote.dll        6.1.7601.17514     C:\Windows\system32
752c0000 profapi.dll            6.1.7600.16385     C:\Windows\system32
75330000 MSASN1.dll             6.1.7601.17514     C:\Windows\system32
75340000 KERNELBASE.dll         6.1.7601.17514     C:\Windows\system32
75390000 DEVOBJ.dll             6.1.7600.16385     C:\Windows\system32
753b0000 wintrust.dll           6.1.7601.17514     C:\Windows\system32
75470000 CFGMGR32.dll           6.1.7601.17514     C:\Windows\system32
754a0000 CRYPT32.dll            6.1.7601.17514     C:\Windows\system32
755c0000 comdlg32.dll           6.1.7601.17514     C:\Windows\system32
75640000 LPK.dll                6.1.7600.16385     C:\Windows\system32
75650000 ole32.dll              6.1.7601.17514     C:\Windows\system32
757b0000 iertutil.dll           8.0.7601.17514     C:\Windows\system32
759b0000 URLMON.DLL             8.0.7601.17514     C:\Windows\system32
75af0000 USER32.dll             6.1.7600.16385     C:\Windows\system32
75bc0000 CLBCatQ.DLL            2001.12.8530.16385 C:\Windows\system32
75c60000 MSCTF.dll              6.1.7600.16385     C:\Windows\system32
75d30000 sechost.dll            6.1.7600.16385     C:\Windows\SYSTEM32
75d50000 msvcrt.dll             7.0.7600.16385     C:\Windows\system32
75e00000 WLDAP32.dll            6.1.7601.17514     C:\Windows\system32
75e50000 USP10.dll              1.626.7601.17514   C:\Windows\system32
75ef0000 RPCRT4.dll             6.1.7601.17514     C:\Windows\system32
75fa0000 SHLWAPI.dll            6.1.7601.17514     C:\Windows\system32
76060000 oleaut32.dll           6.1.7601.17514     C:\Windows\system32
760f0000 shell32.dll            6.1.7601.17514     C:\Windows\system32
76d40000 imm32.dll              6.1.7601.17514     C:\Windows\system32
76d60000 WS2_32.dll             6.1.7601.17514     C:\Windows\system32
76da0000 SETUPAPI.dll           6.1.7601.17514     C:\Windows\system32
76f40000 WININET.dll            8.0.7601.17514     C:\Windows\system32
77040000 GDI32.dll              6.1.7601.17514     C:\Windows\system32
77090000 kernel32.dll           6.1.7601.17514     C:\Windows\system32
77170000 ntdll.dll              6.1.7601.17514     C:\Windows\SYSTEM32
772f0000 NSI.dll                6.1.7600.16385     C:\Windows\system32
77300000 advapi32.dll           6.1.7601.17514     C:\Windows\system32

processes:
000 Idle                   0
004 System                 0
120 smss.exe               0
190 csrss.exe              0
1d4 wininit.exe            0
1e0 csrss.exe              1
214 winlogon.exe           1
238 services.exe           0
248 lsass.exe              0
250 lsm.exe                0
2c0 svchost.exe            0
324 svchost.exe            0
378 svchost.exe            0
3a4 svchost.exe            0
3c4 svchost.exe            0
438 audiodg.exe            0
47c svchost.exe            0
4e4 svchost.exe            0
580 Explorer.EXE           1 normal       C:\Windows
594 Dwm.exe                1 normal       C:\Windows\system32
5d0 wlanext.exe            0
5e0 conhost.exe            0
620 spoolsv.exe            0
648 sched.exe              0
65c svchost.exe            0
67c taskhost.exe           1 normal       C:\Windows\system32
740 armsvc.exe             0
758 avguard.exe            0
788 ekrn.exe               0
12c AppSrv.exe             0
284 PDVD10Serv.exe         1 normal       C:\Program Files\CyberLink\PowerDVD10
36c brs.exe                1 normal       C:\Program Files\CyberLink\Shared files
3f4 avgnt.exe              1 normal       C:\Program Files\Avira\AntiVir Desktop
41c egui.exe               1 normal       C:\Program Files\ESET\ESET NOD32 Antivirus
490 VM331_STI.EXE          1 normal       C:\Program Files\USB Camera
4fc igfxtray.exe           1 normal       C:\Windows\System32
4f8 hkcmd.exe              1 normal       C:\Windows\System32
55c igfxpers.exe           1 normal       C:\Windows\System32
7d8 DMAgent.exe            0
428 winampa.exe            1 normal       C:\Program Files\Winamp
738 WiMAXCU.exe            1 normal       C:\Program Files\Intel\WiMAX\Bin
890 SynTPEnh.exe           1 above normal C:\Program Files\Synaptics\SynTP
954 DrvUpdater.exe         1 normal       C:\Users\MFL\AppData\Roaming\DRPSu
994 SynTPHelper.exe        1 above normal C:\Program Files\Synaptics\SynTP
a08 SearchIndexer.exe      0
a54 svchost.exe            0
b18 svchost.exe            0
e20 svchost.exe            0
9fc svchost.exe            0
5fc chrome.exe             1 normal       C:\Program Files\Google\Chrome\Application
f98 chrome.exe             1 normal       C:\Program Files\Google\Chrome\Application
c84 chrome.exe             1 normal       C:\Program Files\Google\Chrome\Application
79c chrome.exe             1 idle         C:\Program Files\Google\Chrome\Application
974 dllhost.exe            0
a00 chrome.exe             1 idle         C:\Program Files\Google\Chrome\Application
708 SearchProtocolHost.exe 0
a74 SearchFilterHost.exe   0 idle         C:\Windows\system32
c18 taskeng.exe            0
4f0 dpLMSPlayer.exe        1 normal       C:\Users\MFL\Desktop

cpu registers:
eax = 0b52a100
ebx = ffffffff
ecx = 0b52a100
edx = 00806688
esi = 08b4d404
edi = 0021fe1c
eip = 00806688
esp = 0021f8c0
ebp = 0021f900

stack dump:
disassembling:
[...]
0080666f 748   call    -$108 ($80656c)       ; Recognizer.KillRecognizerThread
00806674 751   mov     ecx, [ebp-4]
00806677       mov     dl, 1
00806679       mov     eax, [$805a34]
0080667e       call    -$3a8f8b ($45d6f8)    ; SysUtils.Exception.Create
00806683     > call    -$401618 ($405070)    ; System.@RaiseExcept
00806688 753   xor     eax, eax
0080668a       pop     edx
0080668b       pop     ecx
0080668c       pop     ecx
0080668d       mov     fs:[eax], edx
[...]