76

Re: #Bug PCMAV 8.0 Raptor

Bung Fajar, please optimize the virus Cure process further, because when PCMAV detects a large number of viruses (reaching the thousands) it still feels slow. If possible, please optimize the cure process as well. As for PCMAV exiting on its own and "stop working", I think that is an old PCMAV ailment that still has no solution to this day. For PCMAV 8.1, try to make it as complex as possible so that it is not easy to kill and does not exit on its own. madExcept should also be set up to detect when PCMAV stops working, so that the cause can be known.

Last edited by Nababan (11-07-2012 20:20:44)


77

Re: #Bug PCMAV 8.0 Raptor

cHR!$ is $!RHc wrote:

That is what makes PCMAV worth more than the "green bean".
I hope PCMAV always delivers its best.

Yep... :) :) :)
Over on the neighboring forum it's mostly promises and plans that keep slipping.. as if he were really capable of studying the ClamAV source code, and on top of that he first had to ask users which features they wanted.. it gives a rather, how to put it, odd impression?? Not capable but forcing it anyway..
And then the talk that Smadav Rev. 9 would be totally free, and in fact... lied to again... it's just like dealing with members of the DPR :D :D :D


78

Re: #Bug PCMAV 8.0 Raptor

denidoank wrote:

That gives me a suggestion.. how about making the RTP and the main Scanner separate.. so that if it suddenly dies during scanning, the RTP keeps running..

That would mean going back to how the old versions were. The PCMAV team has worked to combine the RTP and the Scanner, so why split them again.. I also don't think it would be very effective; I remember that when I used PCMAV 1.8, even though the RTP and scanner were separate, it was usually the PCMAV RTP that disappeared too, for who knows what reason..

It happens on my laptop too: while PCMAV 8.0 is running a scan, PCMAV suddenly disappears and its RTP disappears along with it, and often PCMAV goes straight to STOP Working while a scan is in progress... I hope this bug no longer occurs in version 8.1. Sorry I can't give details, because no bug report was produced when the problem occurred.
http://img215.imageshack.us/img215/2885/pcmavstopworking.png
Once this happens, no application can be launched, which is why before scanning I opened several applications first, including Desktop Hunter to save the screenshot.. Only after I click Close on that dialog box can other applications be launched. What puzzles me is that the RTP shell keeps running; only PCMAV.exe has exited.


79

Re: #Bug PCMAV 8.0 Raptor

I'm confused: is PCMAV really detecting the NgrBot and shortcut viruses, or is this just a false positive like last time? When I scan with MSE everything is fine, no malware at all, but when I scan with PCMAV it detects many NgrBot and shortcut variants on my PC. I have sent samples to PCMAV and also to MSE, but so far there has been no response from either.


80

Re: #Bug PCMAV 8.0 Raptor

BwoBlas wrote:

I'm confused: is PCMAV really detecting the NgrBot and shortcut viruses, or is this just a false positive like last time? When I scan with MSE everything is fine, no malware at all, but when I scan with PCMAV it detects many NgrBot and shortcut variants on my PC. I have sent samples to PCMAV and also to MSE, but so far there has been no response from either.

Send it, then report the log or the evidence so it can be processed; most likely a false positive.

Like and Invite Your Friends to Like this Fan Page Majalah PC Media : http://www.facebook.com/pages/Majalah-P … 1773385582
If you have questions for the editorial staff, send them via Twitter at @PCMedia_ID

81

Re: #Bug PCMAV 8.0 Raptor

Mas Joko.Nurjadi, what causes PCMAV to disappear so often during scanning??? The PCMAV RTP also often exits and the Scanner STOPs Working... as a result my PC got infected by a virus.

PCMAV cannot yet be fully trusted to guard a PC/laptop, because it often bails out first and then often hangs (error); the proof is that it stops working during scanning, and if you close it, it exits along with its RTP.

Last edited by robert (12-07-2012 10:17:56)


82

Re: #Bug PCMAV 8.0 Raptor

So it's not only on my laptop that PCMAV often STOPs Working while scanning is in progress.

I just hope version 8.1 is far more stable than version 8.0 (this updated one).
Mas Fajar, don't forget to optimize PCMAV further so that other applications aren't sluggish while scanning is in progress, because right now I find it very heavy to run other applications during a scan, even though only 2 threads are used.


83

Re: #Bug PCMAV 8.0 Raptor

Thank you to the forum members who have posted bugs. Some have been fixed and some are still being researched; we will try to post details of which points have and have not been fixed here or in a dedicated thread as soon as possible.

.: PC Media :.

Thumbs up +1

84

Re: #Bug PCMAV 8.0 Raptor

joko.nurjadi wrote:

Thank you to the forum members who have posted bugs. Some have been fixed and some are still being researched; we will try to post details of which points have and have not been fixed here or in a dedicated thread as soon as possible.

I'll be waiting, Mas Joko.

Sorry if some of the bug reports above are exactly the same; I posted them in a bit of a hurry and without filtering, because I ran the tests over and over. Some may be exactly the same, but there are slight differences. hehehe... :)

Bug in PCMAV Integrated with the ClamAV Library 0.96.0.1

date/time         : 2012-07-12, 12:53:44, 656ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 31 minutes
program up time   : 2 minutes 59 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 102/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.68 MB
display mode      : 1024x768, 32 bit
process id        : $b8c
allocated memory  : 265.75 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $505b3959, $3ddc8c60, $3ddc8c60
exception number  : 2
exception message : The application seems to be frozen.

main thread ($858):
02fc4f6b +013 MSVCR80.dll               calloc
0459dce3 +163 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $f28:
7c90df48 +a ntdll.dll     NtWaitForMultipleObjects
7c80958a +0 kernel32.dll  WaitForMultipleObjectsEx

thread $98c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($858) at:
030916e9 +00 IDMShellExt.dll

thread $c58 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $828:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $eb0:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $730:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d60:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $d3c:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $a1c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  29  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 527 355 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   111 53  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
b8c PCMAV.exe    240 103 normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

date/time         : 2012-07-12, 12:56:06, 343ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 33 minutes
program up time   : 5 minutes 21 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 26/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.67 MB
display mode      : 1024x768, 32 bit
process id        : $b8c
allocated memory  : 341.84 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $d0dd7de5, $11002a0d, $11002a0d
exception number  : 3
exception message : The application seems to be frozen.

main thread ($858):
0459dce3 +163 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $f28:
7c90df48 +a ntdll.dll     NtWaitForMultipleObjects
7c80958a +0 kernel32.dll  WaitForMultipleObjectsEx

thread $98c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($858) at:
030916e9 +00 IDMShellExt.dll

thread $c58 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $828:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $eb0:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $730:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d60:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $d3c:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $a1c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  29  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 524 355 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   111 53  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
b8c PCMAV.exe    240 103 normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

date/time         : 2012-07-12, 13:38:22, 546ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 4 hours 15 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 150/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.53 MB
display mode      : 1024x768, 32 bit
process id        : $4e0
allocated memory  : 231.57 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $a7ab60a2, $c5094ca6, $c5094ca6
exception number  : 1
exception message : The application seems to be frozen.

main thread ($3b4):
7c910196 +0d2 ntdll.dll             RtlAllocateHeap
00757768 +298 PCMAV.exe segment%136 public%16966
00759a1e +102 PCMAV.exe segment%140 public%16988
008d9ef4 +11c PCMAV.exe segment%265 public%20615
008dc3d1 +cbd PCMAV.exe segment%265 public%20639
0059d621 +015 PCMAV.exe segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe segment%79  public%9694
004fd228 +2d4 PCMAV.exe segment%62  public%6000
00501b73 +5b3 PCMAV.exe segment%62  public%6159
0059e022 +5f2 PCMAV.exe segment%79  public%9588
004fce4c +024 PCMAV.exe segment%62  public%5993
00500f71 +10d PCMAV.exe segment%62  public%6150
00501080 +0bc PCMAV.exe segment%62  public%6151
00503c3e +026 PCMAV.exe segment%62  public%6250
004fd228 +2d4 PCMAV.exe segment%62  public%6000
00501b73 +5b3 PCMAV.exe segment%62  public%6159
0059e022 +5f2 PCMAV.exe segment%79  public%9588
004fce4c +024 PCMAV.exe segment%62  public%5993
004fb82a +026 PCMAV.exe segment%62  public%5909
0059d8ba +03a PCMAV.exe segment%79  public%9583
005a7473 +0b3 PCMAV.exe segment%79  public%9885
008f2289 +13d PCMAV.exe segment%393 public%20900

thread $b20:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $90c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($3b4) at:
030916e9 +00 IDMShellExt.dll

thread $154 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $528:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $a7c:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $298:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d54:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $ca8:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $688:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 522 355 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   105 50  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
4e0 PCMAV.exe    228 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

disassembling:
[...]
date/time         : 2012-07-12, 13:39:56, 687ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 4 hours 17 minutes
program up time   : 2 minutes 46 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 109/958 MB (free/total)
free disk space   : (C:) 7.30 GB (D:) 997.51 MB
display mode      : 1024x768, 32 bit
process id        : $4e0
allocated memory  : 259.28 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $57bd85a9, $fba8281d, $fba8281d
exception number  : 2
exception message : The application seems to be frozen.

main thread ($3b4):
7c9101d6 +112 ntdll.dll                 RtlAllocateHeap
0459dce3 +163 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $b20:
7c90df48 +a ntdll.dll     NtWaitForMultipleObjects
7c80958a +0 kernel32.dll  WaitForMultipleObjectsEx

thread $90c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($3b4) at:
030916e9 +00 IDMShellExt.dll

thread $154 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $528:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $a7c:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $298:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d54:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $ca8:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $688:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  29  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 534 359 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   111 53  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
4e0 PCMAV.exe    240 103 normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

disassembling:
7c910fa6   mov     [edi+5], cl
7c910fa9   mov     [edi+2], ax
7c910fad   mov     al, [esi+7]
7c910fb0   mov     [edi+7], al
7c910fb3   mov     [edi], bx
7c910fb6   test    cl, $10
7c910fb9   jz      loc_7c911123
7c910fb9
7c910fbf   xor     eax, eax
7c910fc1   mov     al, [edi+5]
7c910fc4   and     eax, $10
7c910fc7   mov     [edi+5], al
7c910fca   cmp     bx, $80
7c910fcf   jb      loc_7c911305
7c910fcf
7c910fd5   mov     eax, [ebp-$1c]
7c910fd8   lea     esi, [eax+$178]
7c910fde   mov     [ebp-$e0], esi
7c910fe4   cmp     dword ptr [eax+$170], 0
7c910feb   jnz     loc_7c912927
7c910feb
7c910ff1   mov     eax, [esi]
7c910feb
7c910ff3 loc_7c910ff3:
7c910ff3   mov     ecx, eax
7c910ff1
7c910ff5 loc_7c910ff5:
7c910ff5   mov     [ebp-$90], ecx
7c910ffb   cmp     esi, ecx
7c910ffd   jnz     loc_7c910aba
7c910ffd
7c911003 loc_7c911003:
7c911003   lea     eax, [edi+8]
7c911006   mov     [ebp-$f0], eax
7c91100c   mov     edx, [ecx+4]
7c91100f   mov     [ebp-$f8], edx
7c91100c
7c911015 loc_7c911015:
7c911015   mov     [eax], ecx
7c911017   mov     [eax+4], edx
7c91101a   mov     [edx], eax
7c91101c   mov     [ecx+4], eax
7c91101f   push    edi
7c911020   push    dword ptr [ebp-$1c]
7c911023   call    -$96c ($7c9106bc)
7c911023
7c911028   mov     ecx, [ebp-$1c]
7c911023
7c91102b loc_7c91102b:
7c91102b   add     [ecx+$28], ebx
7c91102e   mov     esi, [ebp-$1c]
7c91102b
7c911031 loc_7c911031:
7c911031   mov     byte ptr [ebp-$1d], 0
7c911035   test    byte ptr [edi+5], $10
7c911039   jz      loc_7c911056
7c911039
7c91103b   cmp     byte ptr [edi+7], $40
7c91103f   jnb     loc_7c936951
7c91103f
7c911045   movzx   eax, byte ptr [edi+7]
7c911049   mov     esi, [esi+eax*4+$58]
7c91104d   mov     [ebp-$188], esi
7c911053   mov     [esi+$38], edi
7c91104d
7c911056 loc_7c911056:
7c911056   test    byte ptr [ebp-$1d], $10
7c91105a   jnz     loc_7c910c72
7c91105a
7c911060 loc_7c911060:
7c911060   mov     eax, [ebp-$48]
7c91105a
7c911063 loc_7c911063:
7c911063   lea     edi, [eax+8]
7c911066   mov     [ebp-$30], edi
7c911069   movzx   esi, word ptr [eax]
7c91106c   shl     esi, 3
7c91106f   mov     [ebp-$34], esi
7c911072   cmp     byte ptr [ebp-$1e], 0
7c911076   jz      loc_7c91108a
7c911076
7c911078   mov     eax, [ebp-$1c]
7c91107b   push    dword ptr [eax+$578]
7c911081   call    -$ffa6 ($7c9010e0)     ; RtlLeaveCriticalSection (ntdll.dll)
7c911081
7c911086   mov     byte ptr [ebp-$1e], 0
7c911081
7c91108a loc_7c91108a:
7c91108a   test    byte ptr [ebp+$c], 8
7c91108e   jnz     loc_7c910757
7c91108e
7c911094 loc_7c911094:
7c911094   or      dword ptr [ebp-4], -1
7c911098   call    +$5a ($7c9110f7)
7c911098
7c91109d   cmp     byte ptr [edi+$586], 1
7c9110a4   jnz     loc_7c9112d4
7c9110a4
7c9110aa   mov     eax, [edi+$580]
7c9110a4
7c9110b0 loc_7c9110b0:
7c9110b0   test    eax, eax
7c9110b2   jz      loc_7c9110cf
7c9110b2
7c9110b4   shr     esi, $a
7c9110b7   cmp     esi, $80
7c9110bd   jnb     loc_7c9107ea
7c9110bd
7c9110c3 loc_7c9110c3:
7c9110c3   lea     ecx, [esi+esi*2]
7c9110c6   shl     ecx, 4
7c9110c9   lea     eax, [ecx+eax+$24]
7c9110cd   inc     dword ptr [eax]
7c9110c9
7c9110cf loc_7c9110cf:
7c9110cf   mov     eax, [ebp-$40]
[...]

Last edited by indraramadhan094 (12-07-2012 14:25:14)

Like and invite your friends to like the Majalah PC Media fan page: http://www.facebook.com/pages/Majalah-P … 1773385582
If you have questions for the editorial team, send them via Twitter at @PCMedia_ID

85

Re: #Bug PCMAV 8.0 Raptor

date/time         : 2012-07-12, 13:42:37, 406ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 4 hours 20 minutes
program up time   : 5 minutes 27 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 32/958 MB (free/total)
free disk space   : (C:) 7.30 GB (D:) 997.49 MB
display mode      : 1024x768, 32 bit
process id        : $4e0
allocated memory  : 337.50 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $3dca6150, $605adbe6, $605adbe6
exception number  : 3
exception message : The application seems to be frozen.

main thread ($3b4):
00757768 +298 PCMAV.exe segment%136 public%16966
00759a1e +102 PCMAV.exe segment%140 public%16988
008d9ef4 +11c PCMAV.exe segment%265 public%20615
008dc3d1 +cbd PCMAV.exe segment%265 public%20639
0059d621 +015 PCMAV.exe segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe segment%79  public%9694
004fd228 +2d4 PCMAV.exe segment%62  public%6000
00501b73 +5b3 PCMAV.exe segment%62  public%6159
0059e022 +5f2 PCMAV.exe segment%79  public%9588
004fce4c +024 PCMAV.exe segment%62  public%5993
00500f71 +10d PCMAV.exe segment%62  public%6150
00501080 +0bc PCMAV.exe segment%62  public%6151
00503c3e +026 PCMAV.exe segment%62  public%6250
004fd228 +2d4 PCMAV.exe segment%62  public%6000
00501b73 +5b3 PCMAV.exe segment%62  public%6159
0059e022 +5f2 PCMAV.exe segment%79  public%9588
004fce4c +024 PCMAV.exe segment%62  public%5993
004fb82a +026 PCMAV.exe segment%62  public%5909
0059d8ba +03a PCMAV.exe segment%79  public%9583
005a7473 +0b3 PCMAV.exe segment%79  public%9885
008f2289 +13d PCMAV.exe segment%393 public%20900

thread $b20:
7c90df48 +a ntdll.dll     NtWaitForMultipleObjects
7c80958a +0 kernel32.dll  WaitForMultipleObjectsEx

thread $90c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($3b4) at:
030916e9 +00 IDMShellExt.dll

thread $154 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $528:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $a7c:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $298:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($3b4) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d54:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $ca8:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $688:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  29  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 520 355 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   111 53  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
4e0 PCMAV.exe    240 103 normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

date/time         : 2012-07-12, 12:51:57, 62ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 29 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 147/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.72 MB
display mode      : 1024x768, 32 bit
process id        : $b8c
allocated memory  : 232.22 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $1cfd786a, $f1ea2e0b, $f1ea2e0b
exception number  : 1
exception message : The application seems to be frozen.

main thread ($858):
7c912488 +23c4 ntdll.dll                 RtlAllocateHeap
02fc4f6b +0013 MSVCR80.dll               calloc
0459dce3 +0163 libclamav.dll             cl_load
00757768 +0298 PCMAV.exe     segment%136 public%16966
00759a1e +0102 PCMAV.exe     segment%140 public%16988
008d9ef4 +011c PCMAV.exe     segment%265 public%20615
008dc3d1 +0cbd PCMAV.exe     segment%265 public%20639
0059d621 +0015 PCMAV.exe     segment%79  public%9574
005a1ba1 +00a9 PCMAV.exe     segment%79  public%9694
004fd228 +02d4 PCMAV.exe     segment%62  public%6000
00501b73 +05b3 PCMAV.exe     segment%62  public%6159
0059e022 +05f2 PCMAV.exe     segment%79  public%9588
004fce4c +0024 PCMAV.exe     segment%62  public%5993
00500f71 +010d PCMAV.exe     segment%62  public%6150
00501080 +00bc PCMAV.exe     segment%62  public%6151
00503c3e +0026 PCMAV.exe     segment%62  public%6250
004fd228 +02d4 PCMAV.exe     segment%62  public%6000
00501b73 +05b3 PCMAV.exe     segment%62  public%6159
0059e022 +05f2 PCMAV.exe     segment%79  public%9588
004fce4c +0024 PCMAV.exe     segment%62  public%5993
004fb82a +0026 PCMAV.exe     segment%62  public%5909
0059d8ba +003a PCMAV.exe     segment%79  public%9583
005a7473 +00b3 PCMAV.exe     segment%79  public%9885
008f2289 +013d PCMAV.exe     segment%393 public%20900

thread $f28:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $98c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($858) at:
030916e9 +00 IDMShellExt.dll

thread $c58 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $828:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $eb0:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $730:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($858) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d60:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $d3c:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $a1c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 527 355 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   105 50  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
b8c PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.0.1

disassembling:
[...]

86

Re: #Bug PCMAV 8.0 Raptor

Bug in PCMAV Integrated with Clamav Library 0.96.1

date/time         : 2012-07-12, 13:53:17, 437ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 4 hours 30 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 130/958 MB (free/total)
free disk space   : (C:) 7.30 GB (D:) 997.43 MB
display mode      : 1024x768, 32 bit
process id        : $f24
allocated memory  : 245.10 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $9cb68066, $cdf6fb0d, $cdf6fb0d
exception number  : 1
exception message : The application seems to be frozen.

main thread ($adc):
045a08be +15e libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $f70:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $f7c:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($adc) at:
030916e9 +00 IDMShellExt.dll

thread $a7c (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($adc) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $e5c:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($adc) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $9b0:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($adc) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $fcc:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($adc) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $bc8:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $ed4:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $a50:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 447 263 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   35  15  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
f24 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.1

disassembling:
045a0760 public cl_load:                  ; function entry point
045a0760   push    ebp
045a0761   mov     ebp, esp
045a0763   and     esp, -8
045a0766   sub     esp, $34
045a0769   push    ebx
045a076a   push    esi
045a076b   push    edi
045a076c   mov     edi, [ebp+$c]
045a076f   test    edi, edi
045a0771   jnz     loc_45a078a
045a0771
045a0773   push    $462a67c               ; 'cl_load: engine == NULL'
045a0778   call    -$17edd ($45888a0)
045a0778
045a077d   add     esp, 4
045a0780   lea     eax, [edi+2]
045a0783   pop     edi
045a0784   pop     esi
045a0785   pop     ebx
045a0786   mov     esp, ebp
045a0788   pop     ebp
045a0789   ret
045a0789
045a0789 ; ---------------------------------------------------------
045a0789
045a078a loc_45a078a:
045a078a   test    dword ptr [edi+8], $400
045a0791   jz      loc_45a07ac
045a0791
045a0793   push    $462a698               ; 'cl_load(): can't load new databases when engine is already compiled'
045a0798   call    -$17efd ($45888a0)
045a0798
045a079d   add     esp, 4
045a07a0   mov     eax, 3
045a07a5   pop     edi
045a07a6   pop     esi
045a07a7   pop     ebx
045a07a8   mov     esp, ebp
045a07aa   pop     ebp
045a07ab   ret
045a07ab
045a07ab ; ---------------------------------------------------------
045a07ab
045a07ac loc_45a07ac:
045a07ac   mov     esi, [ebp+8]
045a07af   lea     eax, [esp+$10]
045a07b3   push    eax
045a07b4   push    esi
045a07b5   call    +$355e6 ($45d5da0)     ; cw_stat (libclamav.dll)
045a07b5
045a07ba   add     esp, 8
045a07bd   cmp     eax, -1
045a07c0   jnz     loc_45a07dc
045a07c0
045a07c2   push    esi
045a07c3   push    $462a6e0
045a07c8   call    -$17f2d ($45888a0)
045a07c8
045a07cd   add     esp, 8
045a07d0   mov     eax, $c
045a07d5   pop     edi
045a07d6   pop     esi
045a07d7   pop     ebx
045a07d8   mov     esp, ebp
045a07da   pop     ebp
045a07db   ret
045a07db
045a07db ; ---------------------------------------------------------
045a07db
045a07dc loc_45a07dc:
045a07dc   mov     ebx, [ebp+$14]
045a07df   test    bl, 8
045a07e2   jz      loc_45a0800
045a07e2
045a07e4   cmp     dword ptr [edi+$64], 0
045a07e8   jnz     loc_45a0800
045a07e8
045a07ea   mov     ecx, [edi+$68]
045a07ed   test    byte ptr [ecx+$1c], 1
045a07f1   jz      loc_45a0800
045a07f1
045a07f3   call    -$7ef8 ($4598900)
045a07f3
045a07f8   test    eax, eax
045a07fa   jnz     loc_45a08c6
045a07fa
045a0800 loc_45a0800:
045a0800   test    ebx, $2000
045a0806   jz      loc_45a0836
045a0806
045a0808   cmp     dword ptr [edi+$94], 0
045a080f   jnz     loc_45a0836
045a080f
045a0811   mov     edx, [edi+$68]
045a0814   mov     eax, [edx+$20]
045a0817   test    al, $f
045a0819   jz      loc_45a0836
045a0819
045a081b   push    eax
045a081c   lea     eax, [edi+$8c]
045a0822   push    eax
045a0823   call    -$51968 ($454eec0)     ; #362 (libclamav.dll)
045a0823
045a0828   add     esp, 8
045a082b   test    eax, eax
045a082d   jz      loc_45a084c
045a082d
045a082f   pop     edi
045a0830   pop     esi
045a0831   pop     ebx
045a0832   mov     esp, ebp
045a0834   pop     ebp
045a0835   ret
045a0835
045a0835 ; ---------------------------------------------------------
045a0835
045a0836 loc_45a0836:
045a0836   cmp     byte ptr [$4646474], 0  ; #303 (libclamav.dll)
045a083d   jz      loc_45a084c
045a083d
045a083f   push    $462a704               ; 'Bytecode engine disabled'
045a0844   call    -$17f19 ($4588930)
045a0844
045a0849   add     esp, 4
045a0844
045a084c loc_45a084c:
045a084c   push    edi
045a084d   call    -$43552 ($455d300)
045a084d
045a0852   add     esp, 4
045a0855   test    eax, eax
045a0857   jz      loc_45a0865
045a0857
045a0859   mov     eax, $15
045a085e   pop     edi
045a085f   pop     esi
045a0860   pop     ebx
045a0861   mov     esp, ebp
045a0863   pop     ebp
045a0864   ret
045a0864
045a0864 ; ---------------------------------------------------------
045a0864
045a0865 loc_45a0865:
045a0865   mov     eax, [esp+$16]
045a0869   or      [edi+8], ebx
045a086c   and     eax, $f000
045a0871   cmp     eax, $4000
045a0876   jz      loc_45a08b1
045a0876
045a0878   cmp     eax, $8000
045a087d   jz      loc_45a0899
045a087d
045a087f   push    esi
045a0880   push    $462a720               ; 'cl_load(%s): Not supported database file type'
045a0885   call    -$17fea ($45888a0)
045a0885
045a088a   add     esp, 8
045a088d   mov     eax, 9
045a0892   pop     edi
045a0893   pop     esi
045a0894   pop     ebx
045a0895   mov     esp, ebp
045a0897   pop     ebp
045a0898   ret
045a0898
045a0898 ; ---------------------------------------------------------
045a0898
045a0899 loc_45a0899:
045a0899   mov     ecx, [ebp+$10]
045a089c   push    0
045a089e   push    ebx
045a089f   push    ecx
045a08a0   push    edi
045a08a1   push    esi
045a08a2   call    -$1557 ($459f350)
045a08a2
045a08a7   add     esp, $14
045a08aa   pop     edi
045a08ab   pop     esi
045a08ac   pop     ebx
045a08ad   mov     esp, ebp
045a08af   pop     ebp
045a08b0   ret
045a08b0
045a08b0 ; ---------------------------------------------------------
045a08b0
045a08b1 loc_45a08b1:
045a08b1   mov     edx, [ebp+$10]
045a08b4   or      ebx, $800
045a08ba   push    ebx
045a08bb   push    edx
045a08bc   push    edi
045a08bd   push    esi
045a08be > call    -$fa3 ($459f920)
045a08be
045a08c3   add     esp, $10
045a08be
045a08c6 loc_45a08c6:
045a08c6   pop     edi
045a08c7   pop     esi
045a08c8   pop     ebx
045a08c9   mov     esp, ebp
045a08cb   pop     ebp
045a08cc   ret

date/time         : 2012-07-09, 15:41:21, 140ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 5 hours 18 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 258/958 MB (free/total)
free disk space   : (C:) 7.60 GB (D:) 1.37 GB
display mode      : 1024x768, 32 bit
process id        : $23c
allocated memory  : 266.46 MB
executable        : PCMAV.exe
exec. date/time   : 2012-06-22 15:14
version           : 8.0.60980.27425
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c118, $41c440d6, $ca7513bd
callstack crc     : $3aa7a549, $1279c763, $1279c763
exception number  : 1
exception message : The application seems to be frozen.

main thread ($6cc):
00754b40 +298 PCMAV.exe segment%136 public%16962
00756dda +102 PCMAV.exe segment%140 public%16984
008d6728 +11c PCMAV.exe segment%265 public%20605
008d8c05 +cbd PCMAV.exe segment%265 public%20629
0059d5f1 +015 PCMAV.exe segment%79  public%9572
005a1b71 +0a9 PCMAV.exe segment%79  public%9692
004fd218 +2d4 PCMAV.exe segment%62  public%5999
00501b63 +5b3 PCMAV.exe segment%62  public%6158
0059dff2 +5f2 PCMAV.exe segment%79  public%9586
004fce3c +024 PCMAV.exe segment%62  public%5992
00500f61 +10d PCMAV.exe segment%62  public%6149
00501070 +0bc PCMAV.exe segment%62  public%6150
00503c2e +026 PCMAV.exe segment%62  public%6249
004fd218 +2d4 PCMAV.exe segment%62  public%5999
00501b63 +5b3 PCMAV.exe segment%62  public%6158
0059dff2 +5f2 PCMAV.exe segment%79  public%9586
004fce3c +024 PCMAV.exe segment%62  public%5992
004fb81a +026 PCMAV.exe segment%62  public%5908
0059d88a +03a PCMAV.exe segment%79  public%9581
005a7443 +0b3 PCMAV.exe segment%79  public%9883
008ee25d +13d PCMAV.exe segment%393 public%20888

thread $2a0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $a94:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc325 +0d PCMAV.exe       segment%36 public%4584
004bc38f +37 PCMAV.exe       segment%36 public%4585
>> created by main thread ($6cc) at:
02c416e9 +00 IDMShellExt.dll

thread $20c (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00677a7d +19 PCMAV.exe    segment%98 public%13639
004bc443 +2b PCMAV.exe    segment%36 public%4586
004835e2 +42 PCMAV.exe    segment%30 public%3630
00408520 +28 PCMAV.exe    segment%0  public%327
004bc325 +0d PCMAV.exe    segment%36 public%4584
004bc38f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6cc) at:
00677972 +16 PCMAV.exe    segment%98 public%13635

thread $ea8:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da70f +2f PCMAV.exe    segment%89 public%10955
005da2d2 +36 PCMAV.exe    segment%89 public%10934
004bc325 +0d PCMAV.exe    segment%36 public%4584
004bc38f +37 PCMAV.exe    segment%36 public%4585
>> created by main thread ($6cc) at:
005da01d +6d PCMAV.exe    segment%89 public%10932

thread $890:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b2e1d +4d PCMAV.exe    segment%101 public%14689
005da2d2 +36 PCMAV.exe    segment%89  public%10934
004bc325 +0d PCMAV.exe    segment%36  public%4584
004bc38f +37 PCMAV.exe    segment%36  public%4585
>> created by main thread ($6cc) at:
005da01d +6d PCMAV.exe    segment%89  public%10932

thread $9f8:
7e4191ec +26 USER32.dll             GetMessageW
006b21e3 +bb PCMAV.exe  segment%101 public%14679
005da2d2 +36 PCMAV.exe  segment%89  public%10934
004bc325 +0d PCMAV.exe  segment%36  public%4584
004bc38f +37 PCMAV.exe  segment%36  public%4585
>> created by main thread ($6cc) at:
005da01d +6d PCMAV.exe  segment%89  public%10932

thread $d8c:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $19c:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $798:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle                0   0
004 System              0   0   normal
690 smss.exe            0   0   normal C:\WINDOWS\system32
788 csrss.exe           43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe        51  14  high   C:\WINDOWS\system32
0c0 services.exe        4   2   normal C:\WINDOWS\system32
0b8 lsass.exe           4   2   normal C:\WINDOWS\system32
1cc svchost.exe         4   1   normal C:\WINDOWS\system32
394 svchost.exe         4   1   normal C:\WINDOWS\system32
3e4 svchost.exe         11  32  normal C:\WINDOWS\System32
494 svchost.exe         4   1   normal C:\WINDOWS\system32
580 svchost.exe         4   2   normal C:\WINDOWS\system32
658 spoolsv.exe         4   4   normal C:\WINDOWS\system32
75c alg.exe             4   2   normal C:\WINDOWS\System32
090 ekrn.exe            11  11  normal C:\Program Files\ESET\ESET Smart Security
254 svchost.exe         4   1   normal C:\WINDOWS\System32
4b0 Explorer.EXE        549 267 normal C:\WINDOWS
5ac VTTimer.exe         15  5   normal C:\WINDOWS\system32
704 VTtrayp.exe         22  5   normal C:\WINDOWS\system32
6fc SOUNDMAN.EXE        21  8   normal C:\WINDOWS
298 egui.exe            208 60  normal C:\Program Files\ESET\ESET Smart Security
708 WinSnap.exe         100 78  normal C:\Program Files\WinSnap
73c ctfmon.exe          79  37  normal C:\WINDOWS\system32
490 taskmgr.exe         111 124 high   C:\WINDOWS\system32
b90 DllHost.exe         8   3   normal C:\WINDOWS\system32
0ec IDMan.exe           159 79  normal C:\Program Files\Internet Download Manager
c10 NMIndexStoreSvr.exe 11  5   normal C:\Program Files\Common Files\Ahead\Lib
23c PCMAV.exe           233 99  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.1

disassembling:
007548a8 public segment%136.public%16962 (PCMAV.exe):  ; function entry point
007548a8   push    ebp
007548a9   mov     ebp, esp
007548ab   push    ecx
007548ac   mov     ecx, $e
007548ab
007548b1 loc_7548b1:
007548b1   push    0
007548b3   push    0
007548b5   dec     ecx
007548b6   jnz     loc_7548b1
007548b6
007548b8   xchg    ecx, [ebp-4]
007548bb   push    ebx
007548bc   push    esi
007548bd   push    edi
007548be   mov     esi, [ebp+$c]
007548c1   lea     edi, [ebp-$2c]
007548c4   push    ecx
007548c5   mov     ecx, 6
007548ca   rep movsd
007548cc   pop     ecx
007548cd   mov     [ebp-4], edx
007548d0   mov     [ebp-$c], eax
007548d3   mov     eax, [ebp-4]
007548d6   call    -$34c173 ($408768)     ; segment%0.public%341 (PCMAV.exe)
007548d6
007548db   xor     eax, eax
007548dd   push    ebp
007548de   push    $754dab                ; segment%0.public%300 (PCMAV.exe)
007548e3   push    dword ptr fs:[eax]
007548e6   mov     fs:[eax], esp
007548e9   mov     byte ptr [ebp-$d], 0
007548ed   lea     eax, [ebp-8]
007548f0   mov     edx, [ebp-4]
007548f3   call    -$34bdb8 ($408b40)     ; segment%0.public%359 (PCMAV.exe)
007548f3
007548f8   xor     ecx, ecx
007548fa   push    ebp
007548fb   push    $754d0d                ; segment%0.public%298 (PCMAV.exe)
00754900   push    dword ptr fs:[ecx]
00754903   mov     fs:[ecx], esp
00754906   cmp     dword ptr [ebp-8], 0
0075490a   jz      loc_754925
0075490a
0075490c   lea     eax, [ebp-$30]
0075490f   mov     edx, [ebp-8]
00754912   call    -$34b0eb ($40982c)     ; segment%0.public%421 (PCMAV.exe)
00754912
00754917   mov     eax, [ebp-$30]
0075491a   mov     dl, 1
0075491c   call    -$30608d ($44e894)     ; segment%26.public%2236 (PCMAV.exe)
0075491c
00754921   test    al, al
00754923   jnz     loc_75493c
00754923
00754925 loc_754925:
00754925   mov     eax, $754dcc
0075492a   call    -$1f7 ($754738)        ; segment%136.public%16959 (PCMAV.exe)
0075492a
0075492f   xor     eax, eax
00754931   pop     edx
00754932   pop     ecx
00754933   pop     ecx
00754934   mov     fs:[eax], edx
00754937   jmp     loc_754d2c
00754937
00754937 ; ---------------------------------------------------------
00754937
0075493c loc_75493c:
0075493c   mov     edx, [ebp-8]
0075493f   mov     eax, edx
00754941   test    eax, eax
00754943   jz      loc_75494a
00754943
00754945   sub     eax, 4
00754948   mov     eax, [eax]
00754945
0075494a loc_75494a:
0075494a   mov     ecx, [ebp-8]
0075494d   cmp     byte ptr [ecx+eax-1], $5c
00754952   jnz     loc_754973
00754952
00754954   mov     ebx, edx
00754956   test    ebx, ebx
00754958   jz      loc_75495f
00754958
0075495a   sub     ebx, 4
0075495d   mov     ebx, [ebx]
0075495a
0075495f loc_75495f:
0075495f   lea     eax, [ebp-8]
00754962   push    eax
00754963   mov     ecx, ebx
00754965   dec     ecx
00754966   mov     edx, 1
0075496b   mov     eax, [ebp-8]
0075496e   call    -$34b82b ($409148)     ; segment%0.public%392 (PCMAV.exe)
0075496e
00754973 loc_754973:
00754973   lea     eax, [ebp-$34]
00754976   mov     edx, [ebp-4]
00754979   call    -$34b152 ($40982c)     ; segment%0.public%421 (PCMAV.exe)
00754979
0075497e   mov     eax, [ebp-$34]
00754981   call    -$cea ($753c9c)        ; segment%135.public%16957 (PCMAV.exe)
00754981
00754986   test    al, al
00754988   jnz     loc_7549a1
00754988
0075498a   mov     eax, $754e2c
0075498f   call    -$25c ($754738)        ; segment%136.public%16959 (PCMAV.exe)
0075498f
00754994   xor     eax, eax
00754996   pop     edx
00754997   pop     ecx
00754998   pop     ecx
00754999   mov     fs:[eax], edx
0075499c   jmp     loc_754d2c
0075499c
0075499c ; ---------------------------------------------------------
0075499c
007549a1 loc_7549a1:
007549a1   push    dword ptr [ebp-8]
007549a4   push    $754e7c
007549a9   push    $754e8c                ; 'main.cvd'
007549ae   lea     eax, [ebp-$3c]
007549b1   mov     edx, 3
007549b6   call    -$34b9d3 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
007549b6
007549bb   mov     edx, [ebp-$3c]
007549be   lea     eax, [ebp-$38]
007549c1   call    -$34b19a ($40982c)     ; segment%0.public%421 (PCMAV.exe)
007549c1
007549c6   mov     eax, [ebp-$38]
007549c9   mov     dl, 1
007549cb   call    -$3061d4 ($44e7fc)     ; segment%26.public%2235 (PCMAV.exe)
007549cb
007549d0   test    al, al
007549d2   jz      loc_754a07
007549d2
007549d4   push    dword ptr [ebp-8]
007549d7   push    $754e7c
007549dc   push    $754ea4                ; 'daily.cvd'
007549e1   lea     eax, [ebp-$44]
007549e4   mov     edx, 3
007549e9   call    -$34ba06 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
007549e9
007549ee   mov     edx, [ebp-$44]
007549f1   lea     eax, [ebp-$40]
007549f4   call    -$34b1cd ($40982c)     ; segment%0.public%421 (PCMAV.exe)
007549f4
007549f9   mov     eax, [ebp-$40]
007549fc   mov     dl, 1
007549fe   call    -$306207 ($44e7fc)     ; segment%26.public%2235 (PCMAV.exe)
007549fe
00754a03   test    al, al
00754a05   jnz     loc_754a1e
00754a05
00754a07 loc_754a07:
00754a07   mov     eax, $754ebc
00754a0c   call    -$2d9 ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754a0c
00754a11   xor     eax, eax
00754a13   pop     edx
00754a14   pop     ecx
00754a15   pop     ecx
00754a16   mov     fs:[eax], edx
00754a19   jmp     loc_754d2c
00754a19
00754a19 ; ---------------------------------------------------------
00754a19
00754a1e loc_754a1e:
00754a1e   push    0
00754a20   mov     eax, [$907914]
00754a25   mov     eax, [eax]
00754a27   call    eax
00754a27
00754a29   pop     ecx
00754a2a   test    eax, eax
00754a2c   jz      loc_754a45
00754a2c
00754a2e   mov     eax, $754f20
00754a33   call    -$300 ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754a33
00754a38   xor     eax, eax
00754a3a   pop     edx
00754a3b   pop     ecx
00754a3c   pop     ecx
00754a3d   mov     fs:[eax], edx
00754a40   jmp     loc_754d2c
00754a40
00754a40 ; ---------------------------------------------------------
00754a40
00754a45 loc_754a45:
00754a45   cmp     byte ptr [ebp+8], 0
00754a49   jz      loc_754a54
00754a49
00754a4b   mov     eax, [$9077d4]
00754a50   mov     eax, [eax]
00754a52   call    eax
00754a52
00754a54 loc_754a54:
00754a54   push    dword ptr [ebp-8]
00754a57   push    $754e7c
00754a5c   push    $754e8c                ; 'main.cvd'
00754a61   lea     eax, [ebp-$48]
00754a64   mov     edx, 3
00754a69   call    -$34ba86 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754a69
00754a6e   mov     eax, [ebp-$48]
00754a71   call    -$34b946 ($409130)     ; segment%0.public%391 (PCMAV.exe)
00754a71
00754a76   push    eax
00754a77   mov     eax, [$9071cc]
00754a7c   mov     eax, [eax]
00754a7e   call    eax
00754a7e
00754a80   pop     ecx
00754a81   test    eax, eax
00754a83   jnz     loc_754ab6
00754a83
00754a85   push    dword ptr [ebp-8]
00754a88   push    $754e7c
00754a8d   push    $754ea4                ; 'daily.cvd'
00754a92   lea     eax, [ebp-$4c]
00754a95   mov     edx, 3
00754a9a   call    -$34bab7 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754a9a
00754a9f   mov     eax, [ebp-$4c]
00754aa2   call    -$34b977 ($409130)     ; segment%0.public%391 (PCMAV.exe)
00754aa2
00754aa7   push    eax
00754aa8   mov     eax, [$9071cc]
00754aad   mov     eax, [eax]
00754aaf   call    eax
00754aaf
00754ab1   pop     ecx
00754ab2   test    eax, eax
00754ab4   jz      loc_754acd
00754ab4
00754ab6 loc_754ab6:
00754ab6   mov     eax, $754f58
00754abb   call    -$388 ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754abb
00754ac0   xor     eax, eax
00754ac2   pop     edx
00754ac3   pop     ecx
00754ac4   pop     ecx
00754ac5   mov     fs:[eax], edx
00754ac8   jmp     loc_754d2c
00754ac8
00754ac8 ; ---------------------------------------------------------
00754ac8
00754acd loc_754acd:
00754acd   mov     eax, [$907d00]
00754ad2   mov     eax, [eax]
00754ad4   call    eax
00754ad4
00754ad6   mov     edx, eax
00754ad8   mov     eax, [ebp-$c]
00754adb   add     eax, $30
00754ade   call    -$34b357 ($40978c)     ; segment%0.public%417 (PCMAV.exe)
00754ade
00754ae3   mov     eax, [$907d68]
00754ae8   mov     eax, [eax]
00754aea   call    eax
00754aea
00754aec   mov     ebx, eax
00754aee   mov     eax, [ebp-$c]
00754af1   mov     [eax+4], ebx
00754af4   test    ebx, ebx
00754af6   jnz     loc_754b05
00754af6
00754af8   xor     eax, eax
00754afa   pop     edx
00754afb   pop     ecx
00754afc   pop     ecx
00754afd   mov     fs:[eax], edx
00754b00   jmp     loc_754d2c
00754b00
00754b00 ; ---------------------------------------------------------
00754b00
00754b05 loc_754b05:
00754b05   xor     eax, eax
00754b07   push    ebp
00754b08   push    $754b52                ; segment%0.public%298 (PCMAV.exe)
00754b0d   push    dword ptr fs:[eax]
00754b10   mov     fs:[eax], esp
00754b13   mov     eax, [ebp-$c]
00754b16   xor     edx, edx
00754b18   mov     [eax+8], edx
00754b1b   mov     eax, [ebp-$c]
00754b1e   mov     eax, [eax+$c]
00754b21   push    eax
00754b22   mov     eax, [ebp-$c]
00754b25   add     eax, 8
00754b28   push    eax
00754b29   mov     eax, [ebp-$c]
00754b2c   mov     eax, [eax+4]
00754b2f   push    eax
00754b30   mov     eax, [ebp-8]
00754b33   call    -$34ba08 ($409130)     ; segment%0.public%391 (PCMAV.exe)
00754b33
00754b38   push    eax
00754b39   mov     eax, [$90722c]
00754b3e   mov     eax, [eax]
00754b40 > call    eax
00754b40
00754b42   add     esp, $10
00754b45   mov     [ebp-$14], eax
00754b48   xor     eax, eax
00754b4a   pop     edx
00754b4b   pop     ecx
00754b4c   pop     ecx
00754b4d   mov     fs:[eax], edx
00754b50   jmp     loc_754b8c
00754b50
00754b50 ; ---------------------------------------------------------
00754b50
00754b52   jmp     -$34d25b ($4078fc)     ; segment%0.public%298 (PCMAV.exe)
00754b52
00754b57   mov     eax, [ebp-$14]
00754b5a   push    eax
00754b5b   mov     eax, [$906cdc]
00754b60   mov     eax, [eax]
00754b62   call    eax
00754b62
00754b64   pop     ecx
00754b65   mov     edx, eax
00754b67   lea     eax, [ebp-$54]
00754b6a   call    -$34b3e3 ($40978c)     ; segment%0.public%417 (PCMAV.exe)
00754b6a
00754b6f   mov     ecx, [ebp-$54]
00754b72   lea     eax, [ebp-$50]
00754b75   mov     edx, $754fac
00754b7a   call    -$34b1bf ($4099c0)     ; segment%0.public%428 (PCMAV.exe)
00754b7a
00754b7f   mov     eax, [ebp-$50]
00754b82   call    -$44f ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754b82
00754b87   call    -$34cd74 ($407e18)     ; segment%0.public%305 (PCMAV.exe)
00754b87
00754b8c loc_754b8c:
00754b8c   cmp     dword ptr [ebp-$14], 0
00754b90   jz      loc_754be0
00754b90
00754b92   mov     eax, [ebp-$14]
00754b95   push    eax
00754b96   mov     eax, [$906cdc]
00754b9b   mov     eax, [eax]
00754b9d   call    eax
00754b9d
00754b9f   pop     ecx
00754ba0   mov     edx, eax
00754ba2   lea     eax, [ebp-$5c]
00754ba5   call    -$34b41e ($40978c)     ; segment%0.public%417 (PCMAV.exe)
00754ba5
00754baa   mov     ecx, [ebp-$5c]
00754bad   lea     eax, [ebp-$58]
00754bb0   mov     edx, $754fe8
00754bb5   call    -$34b1fa ($4099c0)     ; segment%0.public%428 (PCMAV.exe)
00754bb5
00754bba   mov     eax, [ebp-$58]
00754bbd   call    -$48a ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754bbd
00754bc2   mov     eax, [ebp-$c]
00754bc5   mov     eax, [eax+4]
00754bc8   push    eax
00754bc9   mov     eax, [$9076b8]
00754bce   mov     eax, [eax]
00754bd0   call    eax
00754bd0
00754bd2   pop     ecx
00754bd3   xor     eax, eax
00754bd5   pop     edx
00754bd6   pop     ecx
00754bd7   pop     ecx
00754bd8   mov     fs:[eax], edx
00754bdb   jmp     loc_754d2c
00754bdb
00754bdb ; ---------------------------------------------------------
00754bdb
00754be0 loc_754be0:
00754be0   mov     eax, [ebp-$c]
00754be3   mov     eax, [eax+8]
00754be6   mov     edx, [ebp-$c]
00754be9   mov     [edx+$34], eax
00754bec   push    dword ptr [ebp-8]
00754bef   push    $754e7c
00754bf4   push    $754e8c                ; 'main.cvd'
00754bf9   lea     eax, [ebp-$60]
00754bfc   mov     edx, 3
00754c01   call    -$34bc1e ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754c01
00754c06   mov     eax, [ebp-$60]
00754c09   call    -$34bade ($409130)     ; segment%0.public%391 (PCMAV.exe)
00754c09
00754c0e   push    eax
00754c0f   mov     eax, [$90764c]
00754c14   mov     eax, [eax]
00754c16   call    eax
00754c16
00754c18   pop     ecx
00754c19   mov     edx, [ebp-$c]
00754c1c   mov     [edx+$40], eax
00754c1f   push    dword ptr [ebp-8]
00754c22   push    $754e7c
00754c27   push    $754ea4                ; 'daily.cvd'
00754c2c   lea     eax, [ebp-$64]
00754c2f   mov     edx, 3
00754c34   call    -$34bc51 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754c34
00754c39   mov     eax, [ebp-$64]
00754c3c   call    -$34bb11 ($409130)     ; segment%0.public%391 (PCMAV.exe)
00754c3c
00754c41   push    eax
00754c42   mov     eax, [$90764c]
00754c47   mov     eax, [eax]
00754c49   call    eax
00754c49
00754c4b   pop     ecx
00754c4c   mov     edx, [ebp-$c]
00754c4f   mov     [edx+$44], eax
00754c52   push    dword ptr [ebp-8]
00754c55   push    $754e7c
00754c5a   push    $754e8c                ; 'main.cvd'
00754c5f   lea     eax, [ebp-$6c]
00754c62   mov     edx, 3
00754c67   call    -$34bc84 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754c67
00754c6c   mov     edx, [ebp-$6c]
00754c6f   lea     eax, [ebp-$68]
00754c72   call    -$34b44b ($40982c)     ; segment%0.public%421 (PCMAV.exe)
00754c72
00754c77   mov     eax, [ebp-$68]
00754c7a   call    -$4e3 ($75479c)        ; segment%136.public%16960 (PCMAV.exe)
00754c7a
00754c7f   mov     edx, [ebp-$c]
00754c82   mov     [edx+$38], eax
00754c85   push    dword ptr [ebp-8]
00754c88   push    $754e7c
00754c8d   push    $754ea4                ; 'daily.cvd'
00754c92   lea     eax, [ebp-$74]
00754c95   mov     edx, 3
00754c9a   call    -$34bcb7 ($408fe8)     ; segment%0.public%389 (PCMAV.exe)
00754c9a
00754c9f   mov     edx, [ebp-$74]
00754ca2   lea     eax, [ebp-$70]
00754ca5   call    -$34b47e ($40982c)     ; segment%0.public%421 (PCMAV.exe)
00754ca5
00754caa   mov     eax, [ebp-$70]
00754cad   call    -$516 ($75479c)        ; segment%136.public%16960 (PCMAV.exe)
00754cad
00754cb2   mov     edx, [ebp-$c]
00754cb5   mov     [edx+$3c], eax
00754cb8   mov     eax, [ebp-$c]
00754cbb   mov     eax, [eax+4]
00754cbe   push    eax
00754cbf   mov     eax, [$9079e8]
00754cc4   mov     eax, [eax]
00754cc6   call    eax
00754cc6
00754cc8   pop     ecx
00754cc9   test    eax, eax
00754ccb   jz      loc_754cf2
00754ccb
00754ccd   mov     eax, $75500c
00754cd2   call    -$59f ($754738)        ; segment%136.public%16959 (PCMAV.exe)
00754cd2
00754cd7   mov     eax, [ebp-$c]
00754cda   mov     eax, [eax+4]
00754cdd   push    eax
00754cde   mov     eax, [$9076b8]
00754ce3   mov     eax, [eax]
00754ce5   call    eax
00754ce5
00754ce7   pop     ecx
00754ce8   xor     eax, eax
00754cea   pop     edx
00754ceb   pop     ecx
00754cec   pop     ecx
00754ced   mov     fs:[eax], edx
00754cf0   jmp     loc_754d2c
00754cf0
00754cf0 ; ---------------------------------------------------------
00754cf0
00754cf2 loc_754cf2:
00754cf2   mov     eax, [ebp-$c]
00754cf5   mov     byte ptr [eax+$2c], 1
00754cf9   mov     eax, [ebp-$c]
00754cfc   movzx   eax, byte ptr [eax+$2c]
00754d00   mov     [ebp-$d], al
00754d03   xor     eax, eax
00754d05   pop     edx
00754d06   pop     ecx
00754d07   pop     ecx
00754d08   mov     fs:[eax], edx
00754d0b   jmp     loc_754d2c
00754d0b
00754d0b ; ---------------------------------------------------------
00754d0b
00754d0d   jmp     -$34d416 ($4078fc)     ; segment%0.public%298 (PCMAV.exe)
00754d0d
00754d12   mov     byte ptr [ebp-$d], 0
00754d16   mov     eax, [ebp-$c]
00754d19   movzx   edx, byte ptr [ebp-$d]
00754d1d   mov     [eax+$2c], dl
00754d20   call    -$34cf0d ($407e18)     ; segment%0.public%305 (PCMAV.exe)
00754d20
00754d25   jmp     loc_754d2c
00754d25
00754d25 ; ---------------------------------------------------------
00754d25
00754d2c loc_754d2c:
00754d2c   xor     eax, eax
00754d2e   pop     edx
00754d2f   pop     ecx
00754d30   pop     ecx
00754d31   mov     fs:[eax], edx
00754d34   push    $754db2
00754d31
00754d39 loc_754d39:
00754d39   lea     eax, [ebp-$74]
00754d3c   call    -$34c6a9 ($408698)     ; segment%0.public%335 (PCMAV.exe)
00754d3c
00754d41   lea     eax, [ebp-$70]
00754d44   call    -$34c6d5 ($408674)     ; segment%0.public%334 (PCMAV.exe)
00754d44
00754d49   lea     eax, [ebp-$6c]
00754d4c   call    -$34c6b9 ($408698)     ; segment%0.public%335 (PCMAV.exe)
00754d4c
00754d51   lea     eax, [ebp-$68]
00754d54   call    -$34c6e5 ($408674)     ; segment%0.public%334 (PCMAV.exe)
00754d54
00754d59   lea     eax, [ebp-$64]
00754d5c   mov     edx, 2
00754d61   call    -$34c662 ($408704)     ; segment%0.public%338 (PCMAV.exe)
00754d61
00754d66   lea     eax, [ebp-$5c]
00754d69   mov     edx, 4
00754d6e   call    -$34c69f ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
00754d6e
00754d73   lea     eax, [ebp-$4c]
00754d76   mov     edx, 3
00754d7b   call    -$34c67c ($408704)     ; segment%0.public%338 (PCMAV.exe)
00754d7b
00754d80   lea     eax, [ebp-$40]
00754d83   call    -$34c714 ($408674)     ; segment%0.public%334 (PCMAV.exe)
00754d83
00754d88   lea     eax, [ebp-$3c]
00754d8b   call    -$34c6f8 ($408698)     ; segment%0.public%335 (PCMAV.exe)
00754d8b
00754d90   lea     eax, [ebp-$38]
00754d93   mov     edx, 3
00754d98   call    -$34c6c9 ($4086d4)     ; segment%0.public%337 (PCMAV.exe)
00754d98
00754d9d   lea     eax, [ebp-8]
00754da0   mov     edx, 2
00754da5   call    -$34c6a6 ($408704)     ; segment%0.public%338 (PCMAV.exe)
00754da5
00754daa   ret
00754daa
00754daa ; ---------------------------------------------------------
00754daa
00754dab   jmp     -$34d200 ($407bb0)     ; segment%0.public%300 (PCMAV.exe)
00754dab
00754db0   jmp     loc_754d39
00754db0
00754db0 ; ---------------------------------------------------------
00754db0
00754db2   movzx   eax, byte ptr [ebp-$d]
00754db6   pop     edi
00754db7   pop     esi
00754db8   pop     ebx
00754db9   mov     esp, ebp
00754dbb   pop     ebp
00754dbc   ret     $c

Bug in PCMAV integrated with ClamAV Library 0.96.5

date/time         : 2012-07-12, 12:34:33, 312ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 11 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 149/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.76 MB
display mode      : 1024x768, 32 bit
process id        : $6ac
allocated memory  : 213.87 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $640a6d92, $a4be3c88, $a4be3c88
exception number  : 1
exception message : The application seems to be frozen.

main thread ($e3c):
045a62e7 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $f24:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $8a4:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($e3c) at:
030916e9 +00 IDMShellExt.dll

thread $834 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($e3c) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $e78:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($e3c) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $f40:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($e3c) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $eac:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($e3c) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $848:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $d10:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $83c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 621 460 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   111 53  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
6ac PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.5

disassembling:
045a6190 public cl_load:                  ; function entry point
045a6190   push    ebp
045a6191   mov     ebp, esp
045a6193   and     esp, -8
045a6196   sub     esp, $34
045a6199   push    ebx
045a619a   push    esi
045a619b   mov     esi, [ebp+$c]
045a619e   test    esi, esi
045a61a0   push    edi
045a61a1   jnz     loc_45a61ba
045a61a1
045a61a3   push    $4636a8c               ; 'cl_load: engine == NULL'
045a61a8   call    -$1a0fd ($458c0b0)     ; #301 (libclamav.dll)
045a61a8
045a61ad   add     esp, 4
045a61b0   lea     eax, [esi+2]
045a61b3   pop     edi
045a61b4   pop     esi
045a61b5   pop     ebx
045a61b6   mov     esp, ebp
045a61b8   pop     ebp
045a61b9   ret
045a61b9
045a61b9 ; ---------------------------------------------------------
045a61b9
045a61ba loc_45a61ba:
045a61ba   test    dword ptr [esi+8], $400
045a61c1   jz      loc_45a61dc
045a61c1
045a61c3   push    $4636aa8               ; 'cl_load(): can't load new databases when engine is already compiled'
045a61c8   call    -$1a11d ($458c0b0)     ; #301 (libclamav.dll)
045a61c8
045a61cd   add     esp, 4
045a61d0   mov     eax, 3
045a61d5   pop     edi
045a61d6   pop     esi
045a61d7   pop     ebx
045a61d8   mov     esp, ebp
045a61da   pop     ebp
045a61db   ret
045a61db
045a61db ; ---------------------------------------------------------
045a61db
045a61dc loc_45a61dc:
045a61dc   mov     edi, [ebp+8]
045a61df   lea     eax, [esp+$10]
045a61e3   push    eax
045a61e4   push    edi
045a61e5   call    +$36636 ($45dc820)     ; cw_stat (libclamav.dll)
045a61e5
045a61ea   add     esp, 8
045a61ed   cmp     eax, -1
045a61f0   jnz     loc_45a620c
045a61f0
045a61f2   push    edi
045a61f3   push    $4636af0
045a61f8   call    -$1a14d ($458c0b0)     ; #301 (libclamav.dll)
045a61f8
045a61fd   add     esp, 8
045a6200   mov     eax, $b
045a6205   pop     edi
045a6206   pop     esi
045a6207   pop     ebx
045a6208   mov     esp, ebp
045a620a   pop     ebp
045a620b   ret
045a620b
045a620b ; ---------------------------------------------------------
045a620b
045a620c loc_45a620c:
045a620c   mov     ebx, [ebp+$14]
045a620f   test    bl, 8
045a6212   jz      loc_45a6234
045a6212
045a6214   cmp     dword ptr [esi+$64], 0
045a6218   jnz     loc_45a6234
045a6218
045a621a   mov     ecx, [esi+$68]
045a621d   test    byte ptr [ecx+$1c], 1
045a6221   jz      loc_45a6234
045a6221
045a6223   push    esi
045a6224   call    -$8329 ($459df00)
045a6224
045a6229   add     esp, 4
045a622c   test    eax, eax
045a622e   jnz     loc_45a62ef
045a622e
045a6234 loc_45a6234:
045a6234   test    ebx, $2000
045a623a   jz      loc_45a625f
045a623a
045a623c   cmp     dword ptr [esi+$2a4], 0
045a6243   jnz     loc_45a625f
045a6243
045a6245   lea     edx, [esi+$ac]
045a624b   push    edx
045a624c   call    -$56051 ($4550200)     ; #362 (libclamav.dll)
045a624c
045a6251   add     esp, 4
045a6254   test    eax, eax
045a6256   jz      loc_45a6275
045a6256
045a6258   pop     edi
045a6259   pop     esi
045a625a   pop     ebx
045a625b   mov     esp, ebp
045a625d   pop     ebp
045a625e   ret
045a625e
045a625e ; ---------------------------------------------------------
045a625e
045a625f loc_45a625f:
045a625f   cmp     byte ptr [$46537f4], 0  ; #300 (libclamav.dll)
045a6266   jz      loc_45a6275
045a6266
045a6268   push    $4636b14               ; 'Bytecode engine disabled'
045a626d   call    -$1a062 ($458c210)     ; #303 (libclamav.dll)
045a626d
045a6272   add     esp, 4
045a626d
045a6275 loc_45a6275:
045a6275   push    esi
045a6276   call    -$468eb ($455f990)
045a6276
045a627b   add     esp, 4
045a627e   test    eax, eax
045a6280   jz      loc_45a628e
045a6280
045a6282   mov     eax, $14
045a6287   pop     edi
045a6288   pop     esi
045a6289   pop     ebx
045a628a   mov     esp, ebp
045a628c   pop     ebp
045a628d   ret
045a628d
045a628d ; ---------------------------------------------------------
045a628d
045a628e loc_45a628e:
045a628e   mov     eax, [esp+$16]
045a6292   or      [esi+8], ebx
045a6295   and     eax, $f000
045a629a   cmp     eax, $4000
045a629f   jz      loc_45a62da
045a629f
045a62a1   cmp     eax, $8000
045a62a6   jz      loc_45a62c2
045a62a6
045a62a8   push    edi
045a62a9   push    $4636b30               ; 'cl_load(%s): Not supported database file type'
045a62ae   call    -$1a203 ($458c0b0)     ; #301 (libclamav.dll)
045a62ae
045a62b3   add     esp, 8
045a62b6   mov     eax, 8
045a62bb   pop     edi
045a62bc   pop     esi
045a62bd   pop     ebx
045a62be   mov     esp, ebp
045a62c0   pop     ebp
045a62c1   ret
045a62c1
045a62c1 ; ---------------------------------------------------------
045a62c1
045a62c2 loc_45a62c2:
045a62c2   mov     eax, [ebp+$10]
045a62c5   push    0
045a62c7   push    ebx
045a62c8   push    eax
045a62c9   push    esi
045a62ca   push    edi
045a62cb   call    -$1590 ($45a4d40)
045a62cb
045a62d0   add     esp, $14
045a62d3   pop     edi
045a62d4   pop     esi
045a62d5   pop     ebx
045a62d6   mov     esp, ebp
045a62d8   pop     ebp
045a62d9   ret
045a62d9
045a62d9 ; ---------------------------------------------------------
045a62d9
045a62da loc_45a62da:
045a62da   mov     ecx, [ebp+$10]
045a62dd   or      ebx, $800
045a62e3   push    ebx
045a62e4   push    ecx
045a62e5   push    esi
045a62e6   push    edi
045a62e7 > call    -$fbc ($45a5330)
045a62e7
045a62ec   add     esp, $10
045a62e7
045a62ef loc_45a62ef:
045a62ef   pop     edi
045a62f0   pop     esi
045a62f1   pop     ebx
045a62f2   mov     esp, ebp
045a62f4   pop     ebp
045a62f5   ret

date/time         : 2012-07-12, 12:25:52, 421ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 3 hours 3 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 146/958 MB (free/total)
free disk space   : (C:) 7.31 GB (D:) 997.78 MB
display mode      : 1024x768, 32 bit
process id        : $b30
allocated memory  : 228.37 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $ac3e1b3d, $9ca49634, $9ca49634
exception number  : 1
exception message : The application seems to be frozen.

main thread ($d98):
02fc4d81 +078 MSVCR80.dll             malloc
00757768 +298 PCMAV.exe   segment%136 public%16966
00759a1e +102 PCMAV.exe   segment%140 public%16988
008d9ef4 +11c PCMAV.exe   segment%265 public%20615
008dc3d1 +cbd PCMAV.exe   segment%265 public%20639
0059d621 +015 PCMAV.exe   segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe   segment%79  public%9694
004fd228 +2d4 PCMAV.exe   segment%62  public%6000
00501b73 +5b3 PCMAV.exe   segment%62  public%6159
0059e022 +5f2 PCMAV.exe   segment%79  public%9588
004fce4c +024 PCMAV.exe   segment%62  public%5993
00500f71 +10d PCMAV.exe   segment%62  public%6150
00501080 +0bc PCMAV.exe   segment%62  public%6151
00503c3e +026 PCMAV.exe   segment%62  public%6250
004fd228 +2d4 PCMAV.exe   segment%62  public%6000
00501b73 +5b3 PCMAV.exe   segment%62  public%6159
0059e022 +5f2 PCMAV.exe   segment%79  public%9588
004fce4c +024 PCMAV.exe   segment%62  public%5993
004fb82a +026 PCMAV.exe   segment%62  public%5909
0059d8ba +03a PCMAV.exe   segment%79  public%9583
005a7473 +0b3 PCMAV.exe   segment%79  public%9885
008f2289 +13d PCMAV.exe   segment%393 public%20900

thread $ea8:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $f10:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($d98) at:
030916e9 +00 IDMShellExt.dll

thread $428 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($d98) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $9bc:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($d98) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $d88:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($d98) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $f64:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($d98) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $880:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $c8:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $4a0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 610 459 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     191 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   105 50  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 44  normal C:\Program Files\Mozilla Firefox
b30 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.96.5

disassembling:
02fc4d09 public malloc:                   ; function entry point
02fc4d09   push    ebx
02fc4d0a   mov     ebx, [esp+8]
02fc4d0e   cmp     ebx, -$20
02fc4d11   ja      loc_2fc4dc3
02fc4d11
02fc4d17   push    ebp
02fc4d18   mov     ebp, [$3024048]
02fc4d1e   push    esi
02fc4d1f   push    edi
02fc4d1e
02fc4d20 loc_2fc4d20:
02fc4d20   xor     esi, esi
02fc4d22   cmp     [$3053ffc], esi
02fc4d28   mov     edi, ebx
02fc4d2a   jnz     loc_2fc4d44
02fc4d2a
02fc4d2c   call    -$30a7 ($2fc1c8a)
02fc4d2c
02fc4d31   push    $1e
02fc4d33   call    -$326e ($2fc1aca)
02fc4d33
02fc4d38   push    $ff
02fc4d3d   call    -$3636 ($2fc170c)
02fc4d3d
02fc4d42   pop     ecx
02fc4d43   pop     ecx
02fc4d42
02fc4d44 loc_2fc4d44:
02fc4d44   mov     eax, [$3054808]
02fc4d49   cmp     eax, 1
02fc4d4c   jnz     loc_2fc4d5c
02fc4d4c
02fc4d4e   cmp     ebx, esi
02fc4d50   jz      loc_2fc4d56
02fc4d50
02fc4d52   mov     eax, ebx
02fc4d54   jmp     loc_2fc4d59
02fc4d54
02fc4d54 ; ---------------------------------------------------------
02fc4d54
02fc4d56 loc_2fc4d56:
02fc4d56   xor     eax, eax
02fc4d58   inc     eax
02fc4d56
02fc4d59 loc_2fc4d59:
02fc4d59   push    eax
02fc4d5a   jmp     loc_2fc4d7a
02fc4d5a
02fc4d5a ; ---------------------------------------------------------
02fc4d5a
02fc4d5c loc_2fc4d5c:
02fc4d5c   cmp     eax, 3
02fc4d5f   jnz     loc_2fc4da1
02fc4d5f
02fc4d61   push    ebx
02fc4d62   call    -$10e ($2fc4c59)
02fc4d62
02fc4d67 loc_2fc4d67:
02fc4d67   cmp     eax, esi
02fc4d69   pop     ecx
02fc4d6a   jnz     loc_2fc4d83
02fc4d6a
02fc4d6c loc_2fc4d6c:
02fc4d6c   cmp     ebx, esi
02fc4d6e   jnz     loc_2fc4d73
02fc4d6e
02fc4d70   xor     edi, edi
02fc4d72   inc     edi
02fc4d70
02fc4d73 loc_2fc4d73:
02fc4d73   add     edi, $f
02fc4d76   and     edi, -$10
02fc4d79   push    edi
02fc4d76
02fc4d7a loc_2fc4d7a:
02fc4d7a   push    esi
02fc4d7b   push    dword ptr [$3053ffc]
02fc4d81 > call    ebp
02fc4d81
02fc4d83 loc_2fc4d83:
02fc4d83   mov     esi, eax
02fc4d85   test    esi, esi
02fc4d87   jnz     loc_2fc4dbc
02fc4d87
02fc4d89   cmp     [$3053ff4], eax
02fc4d8f   push    $c
02fc4d91   pop     edi
02fc4d92   jz      loc_2fc4dae
02fc4d92
02fc4d94   push    ebx
02fc4d95   call    -$3d49 ($2fc1051)      ; _callnewh (MSVCR80.dll)
02fc4d95
02fc4d9a   test    eax, eax
02fc4d9c   pop     ecx
02fc4d9d   jnz     loc_2fc4d20
02fc4d9d
02fc4d9f   jmp     loc_2fc4db5
02fc4d9f
02fc4d9f ; ---------------------------------------------------------
02fc4d9f
02fc4da1 loc_2fc4da1:
02fc4da1   cmp     eax, 2
02fc4da4   jnz     loc_2fc4d6c
02fc4da4
02fc4da6   push    ebx
02fc4da7   call    -$104 ($2fc4ca8)
02fc4da7
02fc4dac   jmp     loc_2fc4d67
02fc4dac
02fc4dac ; ---------------------------------------------------------
02fc4dac
02fc4dae loc_2fc4dae:
02fc4dae   call    -$a67 ($2fc434c)       ; _errno (MSVCR80.dll)
02fc4dae
02fc4db3   mov     [eax], edi
02fc4dae
02fc4db5 loc_2fc4db5:
02fc4db5   call    -$a6e ($2fc434c)       ; _errno (MSVCR80.dll)
02fc4db5
02fc4dba   mov     [eax], edi
02fc4db5
02fc4dbc loc_2fc4dbc:
02fc4dbc   pop     edi
02fc4dbd   mov     eax, esi
02fc4dbf   pop     esi
02fc4dc0   pop     ebp
02fc4dc1   pop     ebx
02fc4dc2   ret
02fc4dc2
02fc4dc2 ; ---------------------------------------------------------
02fc4dc2
02fc4dc3 loc_2fc4dc3:
02fc4dc3   push    ebx
02fc4dc4   call    -$3d78 ($2fc1051)      ; _callnewh (MSVCR80.dll)
02fc4dc4
02fc4dc9   pop     ecx
02fc4dca   call    -$a83 ($2fc434c)       ; _errno (MSVCR80.dll)
02fc4dca
02fc4dcf   mov     dword ptr [eax], $c
02fc4dd5   xor     eax, eax
02fc4dd7   pop     ebx
02fc4dd8   ret

Last edited by indraramadhan094 (12-07-2012 14:35:23)

87

Re: #Bug PCMAV 8.0 Raptor

If this message appears when PCMAV is run, where is the problem?
http://i49.tinypic.com/9i9zjl.jpg

88

Re: #Bug PCMAV 8.0 Raptor

Bug in PCMAV integrated with ClamAV Library 0.97.1

date/time         : 2012-07-12, 10:20:00, 31ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 57 minutes 24 seconds
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 326/958 MB (free/total)
free disk space   : (C:) 7.33 GB (D:) 997.87 MB
display mode      : 1024x768, 32 bit
process id        : $4b4
allocated memory  : 205.84 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $640a6d92, $a4be3c88, $a4be3c88
exception number  : 1
exception message : The application seems to be frozen.

main thread ($568):
045a8027 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $4e4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $424:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($568) at:
030916e9 +00 IDMShellExt.dll

thread $864 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($568) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $d08:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($568) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $cdc:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($568) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $d68:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($568) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $2ec:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $380:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $5d4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  32  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 897 760 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     190 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   117 56  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
4b4 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.97.1

disassembling:
045a7ed0 public cl_load:                  ; function entry point
045a7ed0   push    ebp
045a7ed1   mov     ebp, esp
045a7ed3   and     esp, -8
045a7ed6   sub     esp, $34
045a7ed9   push    ebx
045a7eda   push    esi
045a7edb   mov     esi, [ebp+$c]
045a7ede   test    esi, esi
045a7ee0   push    edi
045a7ee1   jnz     loc_45a7efa
045a7ee1
045a7ee3   push    $463aaf4               ; 'cl_load: engine == NULL'
045a7ee8   call    -$1a9ed ($458d500)     ; #301 (libclamav.dll)
045a7ee8
045a7eed   add     esp, 4
045a7ef0   lea     eax, [esi+2]
045a7ef3   pop     edi
045a7ef4   pop     esi
045a7ef5   pop     ebx
045a7ef6   mov     esp, ebp
045a7ef8   pop     ebp
045a7ef9   ret
045a7ef9
045a7ef9 ; ---------------------------------------------------------
045a7ef9
045a7efa loc_45a7efa:
045a7efa   test    dword ptr [esi+8], $400
045a7f01   jz      loc_45a7f1c
045a7f01
045a7f03   push    $463ab10               ; 'cl_load(): can't load new databases when engine is already compiled'
045a7f08   call    -$1aa0d ($458d500)     ; #301 (libclamav.dll)
045a7f08
045a7f0d   add     esp, 4
045a7f10   mov     eax, 3
045a7f15   pop     edi
045a7f16   pop     esi
045a7f17   pop     ebx
045a7f18   mov     esp, ebp
045a7f1a   pop     ebp
045a7f1b   ret
045a7f1b
045a7f1b ; ---------------------------------------------------------
045a7f1b
045a7f1c loc_45a7f1c:
045a7f1c   mov     edi, [ebp+8]
045a7f1f   lea     eax, [esp+$10]
045a7f23   push    eax
045a7f24   push    edi
045a7f25   call    +$37876 ($45df7a0)     ; cw_stat (libclamav.dll)
045a7f25
045a7f2a   add     esp, 8
045a7f2d   cmp     eax, -1
045a7f30   jnz     loc_45a7f4c
045a7f30
045a7f32   push    edi
045a7f33   push    $463ab58
045a7f38   call    -$1aa3d ($458d500)     ; #301 (libclamav.dll)
045a7f38
045a7f3d   add     esp, 8
045a7f40   mov     eax, $b
045a7f45   pop     edi
045a7f46   pop     esi
045a7f47   pop     ebx
045a7f48   mov     esp, ebp
045a7f4a   pop     ebp
045a7f4b   ret
045a7f4b
045a7f4b ; ---------------------------------------------------------
045a7f4b
045a7f4c loc_45a7f4c:
045a7f4c   mov     ebx, [ebp+$14]
045a7f4f   test    bl, 8
045a7f52   jz      loc_45a7f74
045a7f52
045a7f54   cmp     dword ptr [esi+$64], 0
045a7f58   jnz     loc_45a7f74
045a7f58
045a7f5a   mov     ecx, [esi+$68]
045a7f5d   test    byte ptr [ecx+$1c], 1
045a7f61   jz      loc_45a7f74
045a7f61
045a7f63   push    esi
045a7f64   call    -$7c39 ($45a0330)
045a7f64
045a7f69   add     esp, 4
045a7f6c   test    eax, eax
045a7f6e   jnz     loc_45a802f
045a7f6e
045a7f74 loc_45a7f74:
045a7f74   test    ebx, $2000
045a7f7a   jz      loc_45a7f9f
045a7f7a
045a7f7c   cmp     dword ptr [esi+$29c], 0
045a7f83   jnz     loc_45a7f9f
045a7f83
045a7f85   lea     edx, [esi+$a4]
045a7f8b   push    edx
045a7f8c   call    -$57c01 ($4550390)     ; #362 (libclamav.dll)
045a7f8c
045a7f91   add     esp, 4
045a7f94   test    eax, eax
045a7f96   jz      loc_45a7fb5
045a7f96
045a7f98   pop     edi
045a7f99   pop     esi
045a7f9a   pop     ebx
045a7f9b   mov     esp, ebp
045a7f9d   pop     ebp
045a7f9e   ret
045a7f9e
045a7f9e ; ---------------------------------------------------------
045a7f9e
045a7f9f loc_45a7f9f:
045a7f9f   cmp     byte ptr [$4657848], 0  ; #300 (libclamav.dll)
045a7fa6   jz      loc_45a7fb5
045a7fa6
045a7fa8   push    $463ab7c               ; 'Bytecode engine disabled'
045a7fad   call    -$1a992 ($458d620)     ; #303 (libclamav.dll)
045a7fad
045a7fb2   add     esp, 4
045a7fad
045a7fb5 loc_45a7fb5:
045a7fb5   push    esi
045a7fb6   call    -$4846b ($455fb50)
045a7fb6
045a7fbb   add     esp, 4
045a7fbe   test    eax, eax
045a7fc0   jz      loc_45a7fce
045a7fc0
045a7fc2   mov     eax, $14
045a7fc7   pop     edi
045a7fc8   pop     esi
045a7fc9   pop     ebx
045a7fca   mov     esp, ebp
045a7fcc   pop     ebp
045a7fcd   ret
045a7fcd
045a7fcd ; ---------------------------------------------------------
045a7fcd
045a7fce loc_45a7fce:
045a7fce   mov     eax, [esp+$16]
045a7fd2   or      [esi+8], ebx
045a7fd5   and     eax, $f000
045a7fda   cmp     eax, $4000
045a7fdf   jz      loc_45a801a
045a7fdf
045a7fe1   cmp     eax, $8000
045a7fe6   jz      loc_45a8002
045a7fe6
045a7fe8   push    edi
045a7fe9   push    $463ab98               ; 'cl_load(%s): Not supported database file type'
045a7fee   call    -$1aaf3 ($458d500)     ; #301 (libclamav.dll)
045a7fee
045a7ff3   add     esp, 8
045a7ff6   mov     eax, 8
045a7ffb   pop     edi
045a7ffc   pop     esi
045a7ffd   pop     ebx
045a7ffe   mov     esp, ebp
045a8000   pop     ebp
045a8001   ret
045a8001
045a8001 ; ---------------------------------------------------------
045a8001
045a8002 loc_45a8002:
045a8002   mov     eax, [ebp+$10]
045a8005   push    0
045a8007   push    ebx
045a8008   push    eax
045a8009   push    esi
045a800a   push    edi
045a800b   call    -$1130 ($45a6ee0)
045a800b
045a8010   add     esp, $14
045a8013   pop     edi
045a8014   pop     esi
045a8015   pop     ebx
045a8016   mov     esp, ebp
045a8018   pop     ebp
045a8019   ret
045a8019
045a8019 ; ---------------------------------------------------------
045a8019
045a801a loc_45a801a:
045a801a   mov     ecx, [ebp+$10]
045a801d   or      ebx, $800
045a8023   push    ebx
045a8024   push    ecx
045a8025   push    esi
045a8026   push    edi
045a8027 > call    -$a2c ($45a7600)
045a8027
045a802c   add     esp, $10
045a8027
045a802f loc_45a802f:
045a802f   pop     edi
045a8030   pop     esi
045a8031   pop     ebx
045a8032   mov     esp, ebp
045a8034   pop     ebp
045a8035   ret

Bug in PCMAV Integrated with Clamav Library 0.97.2

date/time         : 2012-07-12, 10:07:04, 46ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 44 minutes 28 seconds
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 331/958 MB (free/total)
free disk space   : (C:) 7.33 GB (D:) 997.89 MB
display mode      : 1024x768, 32 bit
process id        : $2c4
allocated memory  : 207.42 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $6aeae18b, $abbece7f, $abbece7f
exception number  : 1
exception message : The application seems to be frozen.

main thread ($e8):
045b3904 +054 libclamav.dll             #156
045a8127 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $f54:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $578:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($e8) at:
030916e9 +00 IDMShellExt.dll

thread $77c (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($e8) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $714:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($e8) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $7c0:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($e8) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $144:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($e8) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $c18:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $c08:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $c04:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 843 748 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     190 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   117 56  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
2c4 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.97.2

disassembling:
045b38b0 public #156:                     ; function entry point
045b38b0   push    ebx
045b38b1   mov     ebx, [esp+$10]
045b38b5   test    ebx, ebx
045b38b7   push    ebp
045b38b8   mov     ebp, [esp+$10]
045b38bc   jz      loc_45b3919
045b38bc
045b38be   push    esi
045b38bf   mov     esi, [esp+$10]
045b38c3   push    edi
045b38bf
045b38c4 loc_45b38c4:
045b38c4   mov     edi, $40
045b38c9   sub     edi, [esi+$28]
045b38cc   cmp     edi, ebx
045b38ce   jbe     loc_45b38d2
045b38ce
045b38d0   mov     edi, ebx
045b38ce
045b38d2 loc_45b38d2:
045b38d2   mov     eax, [esi+$28]
045b38d5   push    edi
045b38d6   lea     ecx, [eax+esi+$2c]
045b38da   push    ebp
045b38db   push    ecx
045b38dc   call    +$3b499 ($45eed7a)     ; memcpy (MSVCR80.dll)
045b38dc
045b38e1   add     esp, $c
045b38e4   lea     edx, [edi*8]
045b38eb   add     [esi], edx
045b38ed   adc     dword ptr [esi+4], 0
045b38f1   add     [esi+$28], edi
045b38f4   mov     eax, [esi+$28]
045b38f7   add     ebp, edi
045b38f9   sub     ebx, edi
045b38fb   cmp     eax, $40
045b38fe   jnz     loc_45b3913
045b38fe
045b3900   lea     edx, [esi+$2c]
045b3903   push    esi
045b3904 > call    -$4d9 ($45b3430)
045b3904
045b3909   add     esp, 4
045b390c   mov     dword ptr [esi+$28], 0
045b3909
045b3913 loc_45b3913:
045b3913   test    ebx, ebx
045b3915   jnz     loc_45b38c4
045b3915
045b3917   pop     edi
045b3918   pop     esi
045b3917
045b3919 loc_45b3919:
045b3919   pop     ebp
045b391a   pop     ebx
045b391b   ret

date/time         : 2012-07-12, 10:09:21, 781ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 46 minutes 45 seconds
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 328/958 MB (free/total)
free disk space   : (C:) 7.33 GB (D:) 997.88 MB
display mode      : 1024x768, 32 bit
process id        : $e00
allocated memory  : 210.42 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $640a6d92, $a4be3c88, $a4be3c88
exception number  : 1
exception message : The application seems to be frozen.

main thread ($f08):
045a8127 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $98c:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $b74:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($f08) at:
030916e9 +00 IDMShellExt.dll

thread $e64 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($f08) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $9b0:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($f08) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $ef8:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($f08) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $efc:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($f08) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $4f0:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $5ac:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $6c4:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   1   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 846 748 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     190 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   117 56  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
e00 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.97.2

disassembling:
045a7fd0 public cl_load:                  ; function entry point
045a7fd0   push    ebp
045a7fd1   mov     ebp, esp
045a7fd3   and     esp, -8
045a7fd6   sub     esp, $34
045a7fd9   push    ebx
045a7fda   push    esi
045a7fdb   mov     esi, [ebp+$c]
045a7fde   test    esi, esi
045a7fe0   push    edi
045a7fe1   jnz     loc_45a7ffa
045a7fe1
045a7fe3   push    $463ab24               ; 'cl_load: engine == NULL'
045a7fe8   call    -$1aa2d ($458d5c0)     ; #301 (libclamav.dll)
045a7fe8
045a7fed   add     esp, 4
045a7ff0   lea     eax, [esi+2]
045a7ff3   pop     edi
045a7ff4   pop     esi
045a7ff5   pop     ebx
045a7ff6   mov     esp, ebp
045a7ff8   pop     ebp
045a7ff9   ret
045a7ff9
045a7ff9 ; ---------------------------------------------------------
045a7ff9
045a7ffa loc_45a7ffa:
045a7ffa   test    dword ptr [esi+8], $400
045a8001   jz      loc_45a801c
045a8001
045a8003   push    $463ab40               ; 'cl_load(): can't load new databases when engine is already compiled'
045a8008   call    -$1aa4d ($458d5c0)     ; #301 (libclamav.dll)
045a8008
045a800d   add     esp, 4
045a8010   mov     eax, 3
045a8015   pop     edi
045a8016   pop     esi
045a8017   pop     ebx
045a8018   mov     esp, ebp
045a801a   pop     ebp
045a801b   ret
045a801b
045a801b ; ---------------------------------------------------------
045a801b
045a801c loc_45a801c:
045a801c   mov     edi, [ebp+8]
045a801f   lea     eax, [esp+$10]
045a8023   push    eax
045a8024   push    edi
045a8025   call    +$37866 ($45df890)     ; cw_stat (libclamav.dll)
045a8025
045a802a   add     esp, 8
045a802d   cmp     eax, -1
045a8030   jnz     loc_45a804c
045a8030
045a8032   push    edi
045a8033   push    $463ab88
045a8038   call    -$1aa7d ($458d5c0)     ; #301 (libclamav.dll)
045a8038
045a803d   add     esp, 8
045a8040   mov     eax, $b
045a8045   pop     edi
045a8046   pop     esi
045a8047   pop     ebx
045a8048   mov     esp, ebp
045a804a   pop     ebp
045a804b   ret
045a804b
045a804b ; ---------------------------------------------------------
045a804b
045a804c loc_45a804c:
045a804c   mov     ebx, [ebp+$14]
045a804f   test    bl, 8
045a8052   jz      loc_45a8074
045a8052
045a8054   cmp     dword ptr [esi+$64], 0
045a8058   jnz     loc_45a8074
045a8058
045a805a   mov     ecx, [esi+$68]
045a805d   test    byte ptr [ecx+$1c], 1
045a8061   jz      loc_45a8074
045a8061
045a8063   push    esi
045a8064   call    -$7c39 ($45a0430)
045a8064
045a8069   add     esp, 4
045a806c   test    eax, eax
045a806e   jnz     loc_45a812f
045a806e
045a8074 loc_45a8074:
045a8074   test    ebx, $2000
045a807a   jz      loc_45a809f
045a807a
045a807c   cmp     dword ptr [esi+$29c], 0
045a8083   jnz     loc_45a809f
045a8083
045a8085   lea     edx, [esi+$a4]
045a808b   push    edx
045a808c   call    -$57d01 ($4550390)     ; #362 (libclamav.dll)
045a808c
045a8091   add     esp, 4
045a8094   test    eax, eax
045a8096   jz      loc_45a80b5
045a8096
045a8098   pop     edi
045a8099   pop     esi
045a809a   pop     ebx
045a809b   mov     esp, ebp
045a809d   pop     ebp
045a809e   ret
045a809e
045a809e ; ---------------------------------------------------------
045a809e
045a809f loc_45a809f:
045a809f   cmp     byte ptr [$4657848], 0  ; #300 (libclamav.dll)
045a80a6   jz      loc_45a80b5
045a80a6
045a80a8   push    $463abac               ; 'Bytecode engine disabled'
045a80ad   call    -$1a9d2 ($458d6e0)     ; #303 (libclamav.dll)
045a80ad
045a80b2   add     esp, 4
045a80ad
045a80b5 loc_45a80b5:
045a80b5   push    esi
045a80b6   call    -$484db ($455fbe0)
045a80b6
045a80bb   add     esp, 4
045a80be   test    eax, eax
045a80c0   jz      loc_45a80ce
045a80c0
045a80c2   mov     eax, $14
045a80c7   pop     edi
045a80c8   pop     esi
045a80c9   pop     ebx
045a80ca   mov     esp, ebp
045a80cc   pop     ebp
045a80cd   ret
045a80cd
045a80cd ; ---------------------------------------------------------
045a80cd
045a80ce loc_45a80ce:
045a80ce   mov     eax, [esp+$16]
045a80d2   or      [esi+8], ebx
045a80d5   and     eax, $f000
045a80da   cmp     eax, $4000
045a80df   jz      loc_45a811a
045a80df
045a80e1   cmp     eax, $8000
045a80e6   jz      loc_45a8102
045a80e6
045a80e8   push    edi
045a80e9   push    $463abc8               ; 'cl_load(%s): Not supported database file type'
045a80ee   call    -$1ab33 ($458d5c0)     ; #301 (libclamav.dll)
045a80ee
045a80f3   add     esp, 8
045a80f6   mov     eax, 8
045a80fb   pop     edi
045a80fc   pop     esi
045a80fd   pop     ebx
045a80fe   mov     esp, ebp
045a8100   pop     ebp
045a8101   ret
045a8101
045a8101 ; ---------------------------------------------------------
045a8101
045a8102 loc_45a8102:
045a8102   mov     eax, [ebp+$10]
045a8105   push    0
045a8107   push    ebx
045a8108   push    eax
045a8109   push    esi
045a810a   push    edi
045a810b   call    -$1130 ($45a6fe0)
045a810b
045a8110   add     esp, $14
045a8113   pop     edi
045a8114   pop     esi
045a8115   pop     ebx
045a8116   mov     esp, ebp
045a8118   pop     ebp
045a8119   ret
045a8119
045a8119 ; ---------------------------------------------------------
045a8119
045a811a loc_45a811a:
045a811a   mov     ecx, [ebp+$10]
045a811d   or      ebx, $800
045a8123   push    ebx
045a8124   push    ecx
045a8125   push    esi
045a8126   push    edi
045a8127 > call    -$a2c ($45a7700)
045a8127
045a812c   add     esp, $10
045a8127
045a812f loc_45a812f:
045a812f   pop     edi
045a8130   pop     esi
045a8131   pop     ebx
045a8132   mov     esp, ebp
045a8134   pop     ebp
045a8135   ret

Last edited by indraramadhan094 (12-07-2012 14:43:48)


89

Re: #Bug PCMAV 8.0 Raptor

Rahman wrote:

It depends, Mas, on what kind of error it is. If it is like the one I reported above, there is no bug report. Unless the madExcept dialog appears; if I'm not mistaken, a bug report is then always saved in the PCMAV folder...

I'm not really sure either;
every time there is an error, whatever the error, there is never a bug report.

90

Re: #Bug PCMAV 8.0 Raptor

Bug in PCMAV Integrated with Clamav Library 0.97.3

date/time         : 2012-07-12, 11:35:14, 750ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 2 hours 12 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 175/958 MB (free/total)
free disk space   : (C:) 7.33 GB (D:) 997.83 MB
display mode      : 1024x768, 32 bit
process id        : $b60
allocated memory  : 212.94 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $640a6d92, $a4be3c88, $a4be3c88
exception number  : 1
exception message : The application seems to be frozen.

main thread ($884):
045a8267 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008d9ef4 +11c PCMAV.exe     segment%265 public%20615
008dc3d1 +cbd PCMAV.exe     segment%265 public%20639
0059d621 +015 PCMAV.exe     segment%79  public%9574
005a1ba1 +0a9 PCMAV.exe     segment%79  public%9694
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
00500f71 +10d PCMAV.exe     segment%62  public%6150
00501080 +0bc PCMAV.exe     segment%62  public%6151
00503c3e +026 PCMAV.exe     segment%62  public%6250
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
0059e022 +5f2 PCMAV.exe     segment%79  public%9588
004fce4c +024 PCMAV.exe     segment%62  public%5993
004fb82a +026 PCMAV.exe     segment%62  public%5909
0059d8ba +03a PCMAV.exe     segment%79  public%9583
005a7473 +0b3 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $1fc:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $d20:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($884) at:
030916e9 +00 IDMShellExt.dll

thread $4c8 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($884) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $20c:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($884) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $568:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($884) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $244:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($884) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $d1c:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $5a0:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $af0:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    43  54  normal C:\WINDOWS\system32
7f4 winlogon.exe 51  14  high   C:\WINDOWS\system32
0e4 services.exe 4   2   normal C:\WINDOWS\system32
0f0 lsass.exe    4   2   normal C:\WINDOWS\system32
1c8 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  30  normal C:\WINDOWS\System32
47c svchost.exe  4   1   normal C:\WINDOWS\system32
4bc svchost.exe  4   5   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
73c alg.exe      4   2   normal C:\WINDOWS\System32
0a4 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
1a8 svchost.exe  4   1   normal C:\WINDOWS\System32
25c Explorer.EXE 914 766 normal C:\WINDOWS
634 VTTimer.exe  15  5   normal C:\WINDOWS\system32
668 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
67c SOUNDMAN.EXE 21  8   normal C:\WINDOWS
68c egui.exe     190 57  normal C:\Program Files\ESET\ESET Smart Security
6b0 WinSnap.exe  100 78  normal C:\Program Files\WinSnap
5dc ctfmon.exe   123 59  normal C:\WINDOWS\system32
720 IDMan.exe    129 72  normal C:\Program Files\Internet Download Manager
55c taskmgr.exe  109 124 high   C:\WINDOWS\system32
99c DllHost.exe  8   3   normal C:\WINDOWS\system32
ff8 wmplayer.exe 696 127 normal C:\Program Files\Windows Media Player
ab8 firefox.exe  238 43  normal C:\Program Files\Mozilla Firefox
b60 PCMAV.exe    227 98  normal D:\PCMAV 8.0 Raptor with Clamav 0.97.3

disassembling:
045a8110 public cl_load:                  ; function entry point
045a8110   push    ebp
045a8111   mov     ebp, esp
045a8113   and     esp, -8
045a8116   sub     esp, $34
045a8119   push    ebx
045a811a   push    esi
045a811b   mov     esi, [ebp+$c]
045a811e   test    esi, esi
045a8120   push    edi
045a8121   jnz     loc_45a813a
045a8121
045a8123   push    $463b334               ; 'cl_load: engine == NULL'
045a8128   call    -$1ab4d ($458d5e0)     ; #301 (libclamav.dll)
045a8128
045a812d   add     esp, 4
045a8130   lea     eax, [esi+2]
045a8133   pop     edi
045a8134   pop     esi
045a8135   pop     ebx
045a8136   mov     esp, ebp
045a8138   pop     ebp
045a8139   ret
045a8139
045a8139 ; ---------------------------------------------------------
045a8139
045a813a loc_45a813a:
045a813a   test    dword ptr [esi+8], $400
045a8141   jz      loc_45a815c
045a8141
045a8143   push    $463b350               ; 'cl_load(): can't load new databases when engine is already compiled'
045a8148   call    -$1ab6d ($458d5e0)     ; #301 (libclamav.dll)
045a8148
045a814d   add     esp, 4
045a8150   mov     eax, 3
045a8155   pop     edi
045a8156   pop     esi
045a8157   pop     ebx
045a8158   mov     esp, ebp
045a815a   pop     ebp
045a815b   ret
045a815b
045a815b ; ---------------------------------------------------------
045a815b
045a815c loc_45a815c:
045a815c   mov     edi, [ebp+8]
045a815f   lea     eax, [esp+$10]
045a8163   push    eax
045a8164   push    edi
045a8165   call    +$377b6 ($45df920)     ; cw_stat (libclamav.dll)
045a8165
045a816a   add     esp, 8
045a816d   cmp     eax, -1
045a8170   jnz     loc_45a818c
045a8170
045a8172   push    edi
045a8173   push    $463b398
045a8178   call    -$1ab9d ($458d5e0)     ; #301 (libclamav.dll)
045a8178
045a817d   add     esp, 8
045a8180   mov     eax, $b
045a8185   pop     edi
045a8186   pop     esi
045a8187   pop     ebx
045a8188   mov     esp, ebp
045a818a   pop     ebp
045a818b   ret
045a818b
045a818b ; ---------------------------------------------------------
045a818b
045a818c loc_45a818c:
045a818c   mov     ebx, [ebp+$14]
045a818f   test    bl, 8
045a8192   jz      loc_45a81b4
045a8192
045a8194   cmp     dword ptr [esi+$64], 0
045a8198   jnz     loc_45a81b4
045a8198
045a819a   mov     ecx, [esi+$68]
045a819d   test    byte ptr [ecx+$1c], 1
045a81a1   jz      loc_45a81b4
045a81a1
045a81a3   push    esi
045a81a4   call    -$7c39 ($45a0570)
045a81a4
045a81a9   add     esp, 4
045a81ac   test    eax, eax
045a81ae   jnz     loc_45a826f
045a81ae
045a81b4 loc_45a81b4:
045a81b4   test    ebx, $2000
045a81ba   jz      loc_45a81df
045a81ba
045a81bc   cmp     dword ptr [esi+$29c], 0
045a81c3   jnz     loc_45a81df
045a81c3
045a81c5   lea     edx, [esi+$a4]
045a81cb   push    edx
045a81cc   call    -$57e41 ($4550390)     ; #362 (libclamav.dll)
045a81cc
045a81d1   add     esp, 4
045a81d4   test    eax, eax
045a81d6   jz      loc_45a81f5
045a81d6
045a81d8   pop     edi
045a81d9   pop     esi
045a81da   pop     ebx
045a81db   mov     esp, ebp
045a81dd   pop     ebp
045a81de   ret
045a81de
045a81de ; ---------------------------------------------------------
045a81de
045a81df loc_45a81df:
045a81df   cmp     byte ptr [$46588a0], 0  ; #300 (libclamav.dll)
045a81e6   jz      loc_45a81f5
045a81e6
045a81e8   push    $463b3bc               ; 'Bytecode engine disabled'
045a81ed   call    -$1aaf2 ($458d700)     ; #303 (libclamav.dll)
045a81ed
045a81f2   add     esp, 4
045a81ed
045a81f5 loc_45a81f5:
045a81f5   push    esi
045a81f6   call    -$485fb ($455fc00)
045a81f6
045a81fb   add     esp, 4
045a81fe   test    eax, eax
045a8200   jz      loc_45a820e
045a8200
045a8202   mov     eax, $14
045a8207   pop     edi
045a8208   pop     esi
045a8209   pop     ebx
045a820a   mov     esp, ebp
045a820c   pop     ebp
045a820d   ret
045a820d
045a820d ; ---------------------------------------------------------
045a820d
045a820e loc_45a820e:
045a820e   mov     eax, [esp+$16]
045a8212   or      [esi+8], ebx
045a8215   and     eax, $f000
045a821a   cmp     eax, $4000
045a821f   jz      loc_45a825a
045a821f
045a8221   cmp     eax, $8000
045a8226   jz      loc_45a8242
045a8226
045a8228   push    edi
045a8229   push    $463b3d8               ; 'cl_load(%s): Not supported database file type'
045a822e   call    -$1ac53 ($458d5e0)     ; #301 (libclamav.dll)
045a822e
045a8233   add     esp, 8
045a8236   mov     eax, 8
045a823b   pop     edi
045a823c   pop     esi
045a823d   pop     ebx
045a823e   mov     esp, ebp
045a8240   pop     ebp
045a8241   ret
045a8241
045a8241 ; ---------------------------------------------------------
045a8241
045a8242 loc_45a8242:
045a8242   mov     eax, [ebp+$10]
045a8245   push    0
045a8247   push    ebx
045a8248   push    eax
045a8249   push    esi
045a824a   push    edi
045a824b   call    -$1130 ($45a7120)
045a824b
045a8250   add     esp, $14
045a8253   pop     edi
045a8254   pop     esi
045a8255   pop     ebx
045a8256   mov     esp, ebp
045a8258   pop     ebp
045a8259   ret
045a8259
045a8259 ; ---------------------------------------------------------
045a8259
045a825a loc_45a825a:
045a825a   mov     ecx, [ebp+$10]
045a825d   or      ebx, $800
045a8263   push    ebx
045a8264   push    ecx
045a8265   push    esi
045a8266   push    edi
045a8267 > call    -$a2c ($45a7840)
045a8267
045a826c   add     esp, $10
045a8267
045a826f loc_45a826f:
045a826f   pop     edi
045a8270   pop     esi
045a8271   pop     ebx
045a8272   mov     esp, ebp
045a8274   pop     ebp
045a8275   ret
date/time         : 2012-07-09, 21:41:55, 218ms
computer name     : INDRA
user name         : Administrator <admin>
registered owner  : Administrator
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 1 hour 15 minutes
program up time   : 1 minute 12 seconds
processors        : 2x Intel(R) Pentium(R) D CPU 2.66GHz
physical memory   : 328/958 MB (free/total)
free disk space   : (C:) 7.51 GB (D:) 763.00 MB
display mode      : 1024x768, 32 bit
process id        : $d4c
allocated memory  : 222.24 MB
executable        : PCMAV.exe
exec. date/time   : 2012-07-09 20:40
version           : 8.0.60963.25496
compiled with     : Delphi XE2
madExcept version : 3.0n
PCMAV.exe.mad     : $0003c2e4, $392140e9, $daa148df
callstack crc     : $640a6d92, $24d696b9, $24d696b9
exception number  : 1
exception message : The application seems to be frozen.

main thread ($ca8):
05448267 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
00759a1e +102 PCMAV.exe     segment%140 public%16988
008de211 +171 PCMAV.exe     segment%265 public%20649
004fd783 +06f PCMAV.exe     segment%62  public%6007
00518f80 +00c PCMAV.exe     segment%63  public%6787
00519004 +048 PCMAV.exe     segment%63  public%6791
00518e88 +0c8 PCMAV.exe     segment%63  public%6786
0051920d +009 PCMAV.exe     segment%63  public%6798
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
00517884 +06c PCMAV.exe     segment%63  public%6727
004fce4c +024 PCMAV.exe     segment%62  public%5993
00501cc3 +023 PCMAV.exe     segment%62  public%6161
0050274f +00b PCMAV.exe     segment%62  public%6169
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
005011c8 +02c PCMAV.exe     segment%62  public%6154
0048661c +014 PCMAV.exe     segment%30  public%3806
7e4292de +044 USER32.dll                SendMessageW
7e42a034 +016 USER32.dll                CallWindowProcW
00501c70 +0d8 PCMAV.exe     segment%62  public%6160
004fdbd8 +010 PCMAV.exe     segment%62  public%6024
004fdb42 +07e PCMAV.exe     segment%62  public%6021
004fd228 +2d4 PCMAV.exe     segment%62  public%6000
00501b73 +5b3 PCMAV.exe     segment%62  public%6159
00517884 +06c PCMAV.exe     segment%63  public%6727
005011c8 +02c PCMAV.exe     segment%62  public%6154
0048661c +014 PCMAV.exe     segment%30  public%3806
7e418a0b +00a USER32.dll                DispatchMessageW
005a7113 +0f3 PCMAV.exe     segment%79  public%9878
005a7156 +00a PCMAV.exe     segment%79  public%9880
005a7489 +0c9 PCMAV.exe     segment%79  public%9885
008f2289 +13d PCMAV.exe     segment%393 public%20900

thread $d78:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

thread $c04:
7c90df48 +0a ntdll.dll                  NtWaitForMultipleObjects
7c80958a +00 kernel32.dll               WaitForMultipleObjectsEx
7c80a110 +13 kernel32.dll               WaitForMultipleObjects
004bc335 +0d PCMAV.exe       segment%36 public%4585
004bc39f +37 PCMAV.exe       segment%36 public%4586
>> created by main thread ($ca8) at:
030916e9 +00 IDMShellExt.dll

thread $ef0 (TWorkerThread):
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
00679105 +19 PCMAV.exe    segment%98 public%13641
004bc453 +2b PCMAV.exe    segment%36 public%4587
004835f2 +42 PCMAV.exe    segment%30 public%3631
00408520 +28 PCMAV.exe    segment%0  public%327
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($ca8) at:
00678fed +19 PCMAV.exe    segment%98 public%13637

thread $eec:
7c90df58 +0a ntdll.dll               NtWaitForSingleObject
7c8025d5 +85 kernel32.dll            WaitForSingleObjectEx
7c80253d +0d kernel32.dll            WaitForSingleObject
005da7e7 +2f PCMAV.exe    segment%89 public%10957
005da362 +36 PCMAV.exe    segment%89 public%10936
004bc335 +0d PCMAV.exe    segment%36 public%4585
004bc39f +37 PCMAV.exe    segment%36 public%4586
>> created by main thread ($ca8) at:
005da0ad +6d PCMAV.exe    segment%89 public%10934

thread $f48:
7c90df58 +0a ntdll.dll                NtWaitForSingleObject
7c8025d5 +85 kernel32.dll             WaitForSingleObjectEx
7c80253d +0d kernel32.dll             WaitForSingleObject
006b5291 +4d PCMAV.exe    segment%101 public%14693
005da362 +36 PCMAV.exe    segment%89  public%10936
004bc335 +0d PCMAV.exe    segment%36  public%4585
004bc39f +37 PCMAV.exe    segment%36  public%4586
>> created by main thread ($ca8) at:
005da0ad +6d PCMAV.exe    segment%89  public%10934

thread $834:
7e4191ec +26 USER32.dll             GetMessageW
006b464b +bb PCMAV.exe  segment%101 public%14683
005da362 +36 PCMAV.exe  segment%89  public%10936
004bc335 +0d PCMAV.exe  segment%36  public%4585
004bc39f +37 PCMAV.exe  segment%36  public%4586
>> created by main thread ($ca8) at:
005da0ad +6d PCMAV.exe  segment%89  public%10934

thread $5c4:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
007a7dcf +1e7 PCMAV.exe    segment%154 public%17912
004bc335 +00d PCMAV.exe    segment%36  public%4585
004bc39f +037 PCMAV.exe    segment%36  public%4586
>> created by main thread ($ca8) at:
007a8043 +233 PCMAV.exe    segment%154 public%17913

thread $614:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
007a7dcf +1e7 PCMAV.exe    segment%154 public%17912
004bc335 +00d PCMAV.exe    segment%36  public%4585
004bc39f +037 PCMAV.exe    segment%36  public%4586
>> created by main thread ($ca8) at:
007a8043 +233 PCMAV.exe    segment%154 public%17913

thread $d9c:
7c90d218 +a ntdll.dll  NtDelayExecution

thread $f14:
7c90da48 +a ntdll.dll  NtRemoveIoCompletion

thread $218:
7c90df48 +a ntdll.dll  NtWaitForMultipleObjects

processes:
000 Idle         0   0
004 System       0   0   normal
6e0 smss.exe     0   0   normal C:\WINDOWS\system32
7b0 csrss.exe    44  54  normal C:\WINDOWS\system32
0bc winlogon.exe 53  15  high   C:\WINDOWS\system32
0e8 services.exe 4   2   normal C:\WINDOWS\system32
0ec lsass.exe    4   2   normal C:\WINDOWS\system32
1c4 svchost.exe  4   1   normal C:\WINDOWS\system32
390 svchost.exe  4   1   normal C:\WINDOWS\system32
3b8 svchost.exe  11  28  normal C:\WINDOWS\System32
45c svchost.exe  4   1   normal C:\WINDOWS\system32
530 svchost.exe  4   2   normal C:\WINDOWS\system32
5f8 spoolsv.exe  4   4   normal C:\WINDOWS\system32
6b8 alg.exe      4   2   normal C:\WINDOWS\System32
738 ekrn.exe     11  11  normal C:\Program Files\ESET\ESET Smart Security
750 svchost.exe  4   1   normal C:\WINDOWS\System32
304 Explorer.EXE 665 267 normal C:\WINDOWS
670 VTTimer.exe  15  5   normal C:\WINDOWS\system32
120 VTtrayp.exe  22  5   normal C:\WINDOWS\system32
6ac SOUNDMAN.EXE 21  8   normal C:\WINDOWS
6dc egui.exe     190 57  normal C:\Program Files\ESET\ESET Smart Security
754 WinSnap.exe  49  63  normal C:\Program Files\WinSnap
7a4 ctfmon.exe   83  39  normal C:\WINDOWS\system32
7dc IDMan.exe    131 73  normal C:\Program Files\Internet Download Manager
1f0 taskmgr.exe  109 124 high   C:\WINDOWS\system32
dbc DllHost.exe  8   3   normal C:\WINDOWS\system32
d4c PCMAV.exe    233 124 normal D:\PCMAV 8.0 Raptor with Clamav 0.97.3

disassembling:
05448110 public cl_load:                  ; function entry point
05448110   push    ebp
05448111   mov     ebp, esp
05448113   and     esp, -8
05448116   sub     esp, $34
05448119   push    ebx
0544811a   push    esi
0544811b   mov     esi, [ebp+$c]
0544811e   test    esi, esi
05448120   push    edi
05448121   jnz     loc_544813a
05448121
05448123   push    $54db334               ; 'cl_load: engine == NULL'
05448128   call    -$1ab4d ($542d5e0)     ; #301 (libclamav.dll)
05448128
0544812d   add     esp, 4
05448130   lea     eax, [esi+2]
05448133   pop     edi
05448134   pop     esi
05448135   pop     ebx
05448136   mov     esp, ebp
05448138   pop     ebp
05448139   ret
05448139
05448139 ; ---------------------------------------------------------
05448139
0544813a loc_544813a:
0544813a   test    dword ptr [esi+8], $400
05448141   jz      loc_544815c
05448141
05448143   push    $54db350               ; 'cl_load(): can't load new databases when engine is already compiled'
05448148   call    -$1ab6d ($542d5e0)     ; #301 (libclamav.dll)
05448148
0544814d   add     esp, 4
05448150   mov     eax, 3
05448155   pop     edi
05448156   pop     esi
05448157   pop     ebx
05448158   mov     esp, ebp
0544815a   pop     ebp
0544815b   ret
0544815b
0544815b ; ---------------------------------------------------------
0544815b
0544815c loc_544815c:
0544815c   mov     edi, [ebp+8]
0544815f   lea     eax, [esp+$10]
05448163   push    eax
05448164   push    edi
05448165   call    +$377b6 ($547f920)     ; cw_stat (libclamav.dll)
05448165
0544816a   add     esp, 8
0544816d   cmp     eax, -1
05448170   jnz     loc_544818c
05448170
05448172   push    edi
05448173   push    $54db398
05448178   call    -$1ab9d ($542d5e0)     ; #301 (libclamav.dll)
05448178
0544817d   add     esp, 8
05448180   mov     eax, $b
05448185   pop     edi
05448186   pop     esi
05448187   pop     ebx
05448188   mov     esp, ebp
0544818a   pop     ebp
0544818b   ret
0544818b
0544818b ; ---------------------------------------------------------
0544818b
0544818c loc_544818c:
0544818c   mov     ebx, [ebp+$14]
0544818f   test    bl, 8
05448192   jz      loc_54481b4
05448192
05448194   cmp     dword ptr [esi+$64], 0
05448198   jnz     loc_54481b4
05448198
0544819a   mov     ecx, [esi+$68]
0544819d   test    byte ptr [ecx+$1c], 1
054481a1   jz      loc_54481b4
054481a1
054481a3   push    esi
054481a4   call    -$7c39 ($5440570)
054481a4
054481a9   add     esp, 4
054481ac   test    eax, eax
054481ae   jnz     loc_544826f
054481ae
054481b4 loc_54481b4:
054481b4   test    ebx, $2000
054481ba   jz      loc_54481df
054481ba
054481bc   cmp     dword ptr [esi+$29c], 0
054481c3   jnz     loc_54481df
054481c3
054481c5   lea     edx, [esi+$a4]
054481cb   push    edx
054481cc   call    -$57e41 ($53f0390)     ; #362 (libclamav.dll)
054481cc
054481d1   add     esp, 4
054481d4   test    eax, eax
054481d6   jz      loc_54481f5
054481d6
054481d8   pop     edi
054481d9   pop     esi
054481da   pop     ebx
054481db   mov     esp, ebp
054481dd   pop     ebp
054481de   ret
054481de
054481de ; ---------------------------------------------------------
054481de
054481df loc_54481df:
054481df   cmp     byte ptr [$54f88a0], 0  ; #300 (libclamav.dll)
054481e6   jz      loc_54481f5
054481e6
054481e8   push    $54db3bc               ; 'Bytecode engine disabled'
054481ed   call    -$1aaf2 ($542d700)     ; #303 (libclamav.dll)
054481ed
054481f2   add     esp, 4
054481ed
054481f5 loc_54481f5:
054481f5   push    esi
054481f6   call    -$485fb ($53ffc00)
054481f6
054481fb   add     esp, 4
054481fe   test    eax, eax
05448200   jz      loc_544820e
05448200
05448202   mov     eax, $14
05448207   pop     edi
05448208   pop     esi
05448209   pop     ebx
0544820a   mov     esp, ebp
0544820c   pop     ebp
0544820d   ret
0544820d
0544820d ; ---------------------------------------------------------
0544820d
0544820e loc_544820e:
0544820e   mov     eax, [esp+$16]
05448212   or      [esi+8], ebx
05448215   and     eax, $f000
0544821a   cmp     eax, $4000
0544821f   jz      loc_544825a
0544821f
05448221   cmp     eax, $8000
05448226   jz      loc_5448242
05448226
05448228   push    edi
05448229   push    $54db3d8               ; 'cl_load(%s): Not supported database file type'
0544822e   call    -$1ac53 ($542d5e0)     ; #301 (libclamav.dll)
0544822e
05448233   add     esp, 8
05448236   mov     eax, 8
0544823b   pop     edi
0544823c   pop     esi
0544823d   pop     ebx
0544823e   mov     esp, ebp
05448240   pop     ebp
05448241   ret
05448241
05448241 ; ---------------------------------------------------------
05448241
05448242 loc_5448242:
05448242   mov     eax, [ebp+$10]
05448245   push    0
05448247   push    ebx
05448248   push    eax
05448249   push    esi
0544824a   push    edi
0544824b   call    -$1130 ($5447120)
0544824b
05448250   add     esp, $14
05448253   pop     edi
05448254   pop     esi
05448255   pop     ebx
05448256   mov     esp, ebp
05448258   pop     ebp
05448259   ret
05448259
05448259 ; ---------------------------------------------------------
05448259
0544825a loc_544825a:
0544825a   mov     ecx, [ebp+$10]
0544825d   or      ebx, $800
05448263   push    ebx
05448264   push    ecx
05448265   push    esi
05448266   push    edi
05448267 > call    -$a2c ($5447840)
05448267
0544826c   add     esp, $10
05448267
0544826f loc_544826f:
0544826f   pop     edi
05448270   pop     esi
05448271   pop     ebx
05448272   mov     esp, ebp
05448274   pop     ebp
05448275   ret

Last edited by indraramadhan094 (12-07-2012 14:47:10)

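The "application seems to be frozen" report above can be triaged mechanically. The following is an added example, not part of the original post or of PCMAV or madExcept: it parses the report's thread sections and checks whether the main thread is stopped inside another module while handling a window message. The sample text is a trimmed excerpt of the report, and the function names are assumptions of this example.

```python
import re

# Excerpt of the madExcept report above, trimmed to a few frames per thread.
SAMPLE_REPORT = """\
exception message : The application seems to be frozen.

main thread ($ca8):
05448267 +157 libclamav.dll             cl_load
00757768 +298 PCMAV.exe     segment%136 public%16966
7e418a0b +00a USER32.dll                DispatchMessageW
005a7113 +0f3 PCMAV.exe     segment%79  public%9878

thread $5c4:
7c90d9d8 +00a ntdll.dll                NtReadFile
7c801873 +061 kernel32.dll             ReadFile
007a7dcf +1e7 PCMAV.exe    segment%154 public%17912
>> created by main thread ($ca8) at:
007a8043 +233 PCMAV.exe    segment%154 public%17913

processes:
d4c PCMAV.exe    233 124 normal D:\\PCMAV 8.0 Raptor with Clamav 0.97.3
"""

# "main thread ($ca8):", "thread $d78:" or "thread $ef0 (TWorkerThread):"
THREAD_RE = re.compile(r"^(main )?thread \(?\$([0-9a-f]+)\)?(?: \((\w+)\))?:$")
# "<address> +<offset> <module> [segment ...] [symbol]"
FRAME_RE = re.compile(r"^([0-9a-f]{8}) \+([0-9a-f]+) (\S+)\s*(.*)$")
UI_DISPATCH = {"DispatchMessageW", "DispatchMessageA", "SendMessageW", "SendMessageA"}


def parse_threads(report):
    """Return one dict per thread with its own stack as (module, symbol) pairs."""
    threads, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        header = THREAD_RE.match(line)
        if header:
            current = {"id": header.group(2), "main": bool(header.group(1)), "frames": []}
            threads.append(current)
            continue
        if line.startswith(">>") or line.endswith(":"):
            current = None  # creation stack or a new section, not this thread's frames
            continue
        frame = FRAME_RE.match(line)
        if frame and current is not None:
            rest = frame.group(4).split()
            current["frames"].append((frame.group(3), rest[-1] if rest else ""))
    return threads


def triage_freeze(report, app_module="PCMAV.exe"):
    """Summarise where the main thread is stopped; None if no main-thread stack is found."""
    message = re.search(r"^exception message\s*:\s*(.*)$", report, re.M)
    threads = parse_threads(report)
    main = next((t for t in threads if t["main"]), None)
    if main is None or not main["frames"]:
        return None
    top_module, top_symbol = main["frames"][0]
    return {
        "frozen": bool(message and "frozen" in message.group(1).lower()),
        "blocked_in": f"{top_module}!{top_symbol}",
        "in_foreign_module": top_module.lower() != app_module.lower(),
        # A dispatch frame below the top frame means the call runs on the UI thread.
        "under_message_dispatch": any(s in UI_DISPATCH for _, s in main["frames"][1:]),
        "other_threads": {t["id"]: "!".join(t["frames"][0])
                          for t in threads if not t["main"] and t["frames"]},
    }


if __name__ == "__main__":
    print(triage_freeze(SAMPLE_REPORT))
```
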

91

Re: #Bug PCMAV 8.0 Raptor

BwoBlas wrote:

I'm confused: is PCMAV really detecting the NgrBot and Shortcut viruses, or is this just a false positive like the earlier incident?

The same thing happened to me.
Hundreds of Microsoft files were flagged as infected.

92

Re: #Bug PCMAV 8.0 Raptor

joko.nurjadi wrote:

Thank you to the forum members who have posted bugs. Some have already been fixed and some are still being researched; we will try to post the details of which points have and have not been fixed here or in a dedicated thread as soon as possible.

This is what makes PCMAV so popular.
talk less do more..

I hope it always remains the best local AV.

93

Re: #Bug PCMAV 8.0 Raptor

alfianr wrote:

When I run PCMAV this message appears; where is the problem?
http://i49.tinypic.com/9i9zjl.jpg

Are you using Windows 7 x64???

94

Re: #Bug PCMAV 8.0 Raptor

cHR!$ is $!RHc wrote:
alfianr wrote:

When I run PCMAV this message appears; where is the problem?
http://i49.tinypic.com/9i9zjl.jpg

Are you using Windows 7 x64???

Yes.


95

Re: #Bug PCMAV 8.0 Raptor

alfianr wrote:

Yes.

PCMAV probably does not support Windows 7 x64 yet.

96

Re: #Bug PCMAV 8.0 Raptor

joko.nurjadi wrote:

Thank you to the forum members who have posted bugs. Some have already been fixed and some are still being researched; we will try to post the details of which points have and have not been fixed here or in a dedicated thread as soon as possible.

Bro, don't forget to optimize the virus Cure process so it is faster, because curing a large number of viruses is still slow. Also, during testing please scan Windows 7 and Windows XP systems, because many Windows files are detected as the Ngrbot virus.

If possible, please increase the scan speed further so it gets even faster while still keeping detection accurate, so that the "Fastest Indonesian Antivirus" claim is proven.


97

Re: #Bug PCMAV 8.0 Raptor

Yes,
could the chief and the others please make a list of the bugs that have already been fixed,
so that forum members know and don't report them over and over.

98

Re: #Bug PCMAV 8.0 Raptor

This is the scan result log from my PC, Windows 7 SP1 32-bit.
The same thing happens on my laptop, Windows 7 SP1 64-bit, and the files flagged as infected are the 32-bit exe files. I can't show its log because the laptop has been borrowed.

As for scanning, there are no hangs or similar problems even with a large number of files, and I rarely, in fact almost never, experience a crash. Maybe the people having trouble with PCMAV are using Windows 7 without SP1 or without auto update, because my 32-bit and 64-bit Windows 7 installs both auto update. Or maybe it is a conflict with another antivirus. On my PC I also use MSE and never had a problem because of it, but back when it ran alongside NOD, and once also with McAfee, PCMAV crashed often, though it was never flagged as a virus by any of those three AVs.
But the scan speed on my PC, an AMD Phenom X3 8650 (triple core), is slightly slower than on my laptop, which has an AMD APU E450 (dual core).
Oh, and don't forget to fix the bug that sometimes slows down and sometimes even blocks the internet connection in the browser. This only happens in the browser (I tried Chrome and Firefox); download managers and other applications are not affected, and it happens even when PCMAV's web/link protector is turned off. If it is turned off, PCMAV shouldn't keep checking the browser, right? It stays that way even when PCMAV is disabled, so there is only one solution: exit PCMAV, and the internet in the browser runs smoothly again.

===========================
PC Media Antivirus Log File
www.virusindonesia.com
===========================

Scan Summary (11-7-12 - 10-16-40):
-------------
PCMAV Version         : 8.0
Engine Version        : 8.0
Virus Signature       : 6556
OS                    : Windows 7
Scan Duration         : 03:04:09:707
Items detected        : 0

C:\Flashtool\x10flasher_lib\winjre32\bin\unpack200.exe [NgrBot.V - Quarantined]
C:\Flashtool\x10flasher_lib\winjre64\bin\java.exe [NgrBot.C - Quarantined]
C:\Program Files\CD Art Display\cadLyrics.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\cadnotifier.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\CADPinHelper.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\cadSearch.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\cadtaskbar.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\RestartCAD.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\skinuploader.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\CD Art Display\Skin Browser.exe [VB-Shortcut-4 - Quarantined]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [NgrBot.AA - Quarantined]
C:\Program Files\Unity\Editor\Data\PlaybackEngines\flashsupport\BuildTools\flex\bin\copylocale.exe [NgrBot.D - Quarantined]
C:\Users\Blas\AppData\Roaming\runic games\torchlight\save\sharedstash.bin [Fanny.tmp - Quarantined]
C:\Users\Blas\AppData\Roaming\runic games\torchlight\savebackup\tmpbackup\SHAREDSTASH.BIN [Fanny.tmp - Quarantined]
C:\Users\Blas\AppData\Roaming\runic games\torchlight\savesbeforecloud\SHAREDSTASH.BIN [Fanny.tmp - Quarantined]
C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe [NgrBot.U - Quarantined]
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe [NgrBot.B - Quarantined]
C:\Windows\System32\choice.exe [NgrBot.B - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db\dxdiag.exe [NgrBot.H - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_e5849be1bd89e07e\ocsetup.exe [NgrBot.AA - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.1.7601.17514_none_8683645d11e35ebc\recdisc.exe [NgrBot.V - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.1.7601.17514_none_c90e996c4aa655c4\Robocopy.exe [NgrBot.Z - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe [NgrBot.AA - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe [NgrBot.C - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-telnet-server-tlntsess_31bf3856ad364e35_6.1.7600.16385_none_a9cd5618e9d2d300\tlntsess.exe [NgrBot.AA - Quarantined]

Thanks, and sorry this is so long.

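A scan log like the one in this post can be triaged before any quarantine action is trusted. The following is an added example, not part of the original post or of PCMAV: it parses the `path [signature - action]` lines, compares the listed entries with the "Items detected" summary value, and picks out quarantined files under the Windows directory so they can be verified and restored first. The sample is an excerpt of the log above, and the function names are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the PCMAV log above (summary line plus five of the listed entries).
SAMPLE_LOG = r"""
Items detected        : 0

C:\Program Files\CD Art Display\cadLyrics.exe [VB-Shortcut-4 - Quarantined]
C:\Users\Blas\AppData\Roaming\runic games\torchlight\save\sharedstash.bin [Fanny.tmp - Quarantined]
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe [NgrBot.B - Quarantined]
C:\Windows\System32\choice.exe [NgrBot.B - Quarantined]
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe [NgrBot.C - Quarantined]
"""

ENTRY_RE = re.compile(r"^(?P<path>.+?) \[(?P<sig>[^\[\]]+) - (?P<action>\w+)\]$")
COUNT_RE = re.compile(r"^Items detected\s*:\s*(\d+)\s*$", re.M)


def parse_log(text):
    """Return (summary count or None, list of {'path', 'sig', 'action'} entries)."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    count = COUNT_RE.search(text)
    return (int(count.group(1)) if count else None), entries


def location(path):
    """Classify a Windows path: 'component-store' (winsxs), 'os' or 'other'."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) > 2 and parts[1] == "windows":
        return "component-store" if parts[2] == "winsxs" else "os"
    return "other"


def triage(text):
    reported, entries = parse_log(text)
    os_hits = [e for e in entries if location(e["path"]) != "other"]
    return {
        "reported": reported,
        "listed": len(entries),
        # The summary and the entry list disagree: do not rely on the summary alone.
        "count_mismatch": reported is not None and reported != len(entries),
        # Signature family = name before the variant suffix ("NgrBot.B" -> "NgrBot").
        "families": Counter(e["sig"].split(".")[0] for e in entries),
        "families_on_os_files": sorted({e["sig"].split(".")[0] for e in os_hits}),
        # OS binaries that were already quarantined: verify and restore these first.
        "quarantined_os_files": [e["path"] for e in os_hits
                                 if e["action"].lower() == "quarantined"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["reported"], result["listed"], result["families_on_os_files"])
    for path in result["quarantined_os_files"]:
        print(location(path), path)
```
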

99

Re: #Bug PCMAV 8.0 Raptor

BwoBlas wrote:

As for scanning, there are no hangs or similar problems even with a large number of files, and I rarely, in fact almost never, experience a crash. Maybe the people having trouble with PCMAV are using Windows 7 without SP1 or without auto update, because my 32-bit and 64-bit Windows 7 installs both auto update. Or maybe it is a conflict with another antivirus

I use Windows 7 x64 with auto update, and PCMAV is the one and only AV on my laptop, yet PCMAV still errors out.

100

Re: #Bug PCMAV 8.0 Raptor

PCMAV 8 is not very stable and is not comfortable for ordinary users to use.
