EurekaLog 6.1.01 RC 1 Application: ------------------------------------------------------- 1.1 Start Date : Sun, 15 May 2011 23:52:43 +0400 1.2 Name/Description: SASPlanet.exe 1.3 Version Number : 1.4 Parameters : 1.5 Compilation Date: Sun, 8 May 2011 13:31:54 +0400 1.6 Up Time : 7 minutes, 54 seconds Exception: ----------------------------------------------------- 2.1 Date : Mon, 16 May 2011 00:00:38 +0400 2.2 Address : 00487A36 2.3 Module Name : SASPlanet.exe 2.4 Module Version: 2.5 Type : EMultiFree 2.6 Message : Multi Free memory leak. 2.7 ID : 22DE 2.8 Count : 1 2.9 Status : New 2.10 Note : Computer: ----------------------------------------------------------------------------- 5.3 Free Memory : 453 Mb 5.5 Free Disk : 32,16 Gb 5.6 System Up Time: 2 hours, 28 minutes, 22 seconds 5.7 Processor : AMD Athlon(tm) 64 Processor 3200+ 5.8 Display Mode : 1280 x 1024, 32 bit 5.9 Display DPI : 96 5.10 Video Card : VIA/S3G DeltaChrome IGP (driver 6.14.10.33 - RAM 64 MB) Operating System: ------------------------------------ 6.1 Type : Microsoft Windows XP 6.2 Build # : 2600 6.3 Update : Service Pack 3 6.4 Language: Russian 6.5 Charset : 204 Network: --------------------------------------------------- 7.1 IP Address: 010.064.126.173 - 010.100.020.026 7.2 Submask : 255.255.254.000 - 255.255.255.255 7.3 Gateway : 010.064.127.254 - 010.100.020.026 7.4 DNS 1 : 091.203.064.002 - 091.203.064.002 7.5 DNS 2 : 000.000.000.000 - 213.137.236.003 7.6 DHCP : ON - OFF Call Stack Information: ---------------------------------------------------------------------------------------------------------------------- |Address |Module |Unit |Class |Procedure/Method |Line | ---------------------------------------------------------------------------------------------------------------------- |Running Thread: ID=288; Priority=0; Class=; [Main] | |--------------------------------------------------------------------------------------------------------------------| |0067942F|SASPlanet.exe|u_KmzInfoSimpleParser.pas |TKmzInfoSimpleParser |LoadFromStream |50[19] | |7C80A4A4|kernel32.dll | | |CompareStringW | | |7C80A3FE|kernel32.dll | | |CompareStringW | | |7C902B04|ntdll.dll | | |RtlInterlockedPushListSList | | |7C90FF2D|ntdll.dll | | |RtlGetNtGlobalFlags | | |7C910346|ntdll.dll | | |RtlImageNtHeader | | |7C910380|ntdll.dll | | |RtlImageNtHeader | | |7C903247|ntdll.dll | | |RtlConvertUlongToLargeInteger| | |7C90E485|ntdll.dll | | |KiUserApcDispatcher | | |00552349|SASPlanet.exe|KAZip.pas |TKAZipEntries |GetHeaderEntry |886[1] | |0055233C|SASPlanet.exe|KAZip.pas |TKAZipEntries |GetHeaderEntry |885[0] | |006793E9|SASPlanet.exe|u_KmzInfoSimpleParser.pas |TKmzInfoSimpleParser |LoadFromStream |44[13] | |00678780|SASPlanet.exe|u_KmlInfoSimpleParser.pas |TKmlInfoSimpleParser |LoadFromFile |159[3] | |006B56C6|SASPlanet.exe|u_ImportKML.pas |TImportKML |DoImport |46[4] | |006B5503|SASPlanet.exe|u_MarksImportBase.pas |TMarksImportBase |ProcessImport |28[2] | |006B67CC|SASPlanet.exe|u_ImportByFileExt.pas |TImportByFileExt |ProcessImport |48[5] | |00783AFE|SASPlanet.exe|frm_MarksExplorer.pas |TfrmMarksExplorer |btnImportClick |217[6] | |0075A02C|SASPlanet.exe|TBXControls.pas |TTBXCustomButton |Click |1954[14] | |7E3790A3|USER32.dll | | |GetClientRect | | |7E37908E|USER32.dll | | |GetClientRect | | |7E37B3FC|USER32.dll | | |CallNextHookEx | | |7E3694DA|USER32.dll | | |GetCapture | | |0079E7D3|SASPlanet.exe|frm_Main.pas |TfrmMain |DoMessageEvent |1709[107]| |00784B2B|SASPlanet.exe|frm_MarksExplorer.pas |TfrmMarksExplorer |EditMarks |509[6] | |00784AB8|SASPlanet.exe|frm_MarksExplorer.pas |TfrmMarksExplorer |EditMarks |503[0] | |007A4C76|SASPlanet.exe|frm_Main.pas |TfrmMain |TBItem6Click |3417[1] | |005821B9|SASPlanet.exe|TB2Item.pas |TTBCustomItem |Click |1513[26] | |005820A6|SASPlanet.exe|TB2Item.pas |TTBCustomItem |ClickWndProc |1459[29] | |7E3696C2|USER32.dll | | |DispatchMessageA | | |7E3696B8|USER32.dll | | |DispatchMessageA | | |007B1BDB|SASPlanet.exe|SASPlanet.dpr | | |549[43] | |7C90DCB8|ntdll.dll | | |ZwSetInformationThread | | |--------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=3624; Priority=0; Class=TGarbageCollectorThread | |--------------------------------------------------------------------------------------------------------------------| |7C90D218|ntdll.dll | | |NtDelayExecution | | |7C8023A0|kernel32.dll | | |SleepEx | | |7C802450|kernel32.dll | | |Sleep | | |7C802446|kernel32.dll | | |Sleep | | |00624DFB|SASPlanet.exe|u_GarbageCollectorThread.pas|TGarbageCollectorThread |Execute |54[11] | |--------------------------------------------------------------------------------------------------------------------| |Calling Thread: ID=288; Priority=0; Class=; [Main] | |--------------------------------------------------------------------------------------------------------------------| |00624D66|SASPlanet.exe|u_GarbageCollectorThread.pas|TGarbageCollectorThread |Create |31[4] | |00624CF8|SASPlanet.exe|u_GarbageCollectorThread.pas|TGarbageCollectorThread |Create |27[0] | |006E38D8|SASPlanet.exe|u_GlobalState.pas |TGlobalState |Create |284[44] | |006E34C4|SASPlanet.exe|u_GlobalState.pas |TGlobalState |Create |240[0] | |007B192D|SASPlanet.exe|SASPlanet.dpr | | |508[2] | |7C90DCB8|ntdll.dll | | |ZwSetInformationThread | | |--------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=2352; Priority=0; Class=TThread4InterfacedThread | |--------------------------------------------------------------------------------------------------------------------| |7C90DF48|ntdll.dll | | |NtWaitForMultipleObjects | | |7C90DF58|ntdll.dll | | |ZwWaitForSingleObject | | |7C90DF4E|ntdll.dll | | |ZwWaitForSingleObject | | |7C91B246|ntdll.dll | | |RtlpWaitForCriticalSection | | |7C90D988|ntdll.dll | | |NtQueryVirtualMemory | | |7C8095D8|kernel32.dll | | |WaitForMultipleObjectsEx | | |7C80A110|kernel32.dll | | |WaitForMultipleObjects | | |7C80A0FD|kernel32.dll | | |WaitForMultipleObjects | | |0075EF9E|SASPlanet.exe|u_BackgroundTask.pas |TBackgroundTask |Execute |65[5] | |0075ED19|SASPlanet.exe|u_InterfacedThread.pas |TThread4InterfacedThread|Execute |130[2] | |--------------------------------------------------------------------------------------------------------------------| |Calling Thread: ID=288; Priority=0; Class=; [Main] | |--------------------------------------------------------------------------------------------------------------------| |0075ED53|SASPlanet.exe|u_InterfacedThread.pas |TThread4InterfacedThread|Start |137[3] | |0075ED20|SASPlanet.exe|u_InterfacedThread.pas |TThread4InterfacedThread|Start |134[0] | |0075EC14|SASPlanet.exe|u_InterfacedThread.pas |TInterfacedThread |Start |83[4] | |00749246|SASPlanet.exe|u_MapLayerWithThreadDraw.pas|TMapLayerWithThreadDraw |StartThreads |140[2] | |00749234|SASPlanet.exe|u_MapLayerWithThreadDraw.pas|TMapLayerWithThreadDraw |StartThreads |138[0] | |0075FD94|SASPlanet.exe|u_MapLayerFillingMap.pas |TMapLayerFillingMap |StartThreads |241[1] | |0075BC1D|SASPlanet.exe|u_WindowLayerBasicList.pas |TWindowLayerBasicList |StartThreads |78[2] | |0075BBFC|SASPlanet.exe|u_WindowLayerBasicList.pas |TWindowLayerBasicList |StartThreads |76[0] | |0079BCB4|SASPlanet.exe|frm_Main.pas |TfrmMain |FormActivate |945[220] | |7E3792DE|USER32.dll | | |SendMessageW | | |7E37F406|USER32.dll | | |SendMessageA | | |7E37F3C2|USER32.dll | | |SendMessageA | | |7E37C1E4|USER32.dll | | |DefWindowProcA | | |7E37C17E|USER32.dll | | |DefWindowProcA | | |7E37B11C|USER32.dll | | |SetFocus | | |7E37B112|USER32.dll | | |SetFocus | | |7E379346|USER32.dll | | |IsWindow | | |7E37AF60|USER32.dll | | |ShowWindow | | |7E37AF56|USER32.dll | | |ShowWindow | | |7C9010E0|ntdll.dll | | |RtlLeaveCriticalSection | | |7C917EA8|ntdll.dll | | |LdrGetProcedureAddress | | |7C80AE79|kernel32.dll | | |GetWindowsDirectoryW | | |7C80AE8B|kernel32.dll | | |GetWindowsDirectoryW | | |7E37A6AB|USER32.dll | | |MonitorFromWindow | | |7E37A6BE|USER32.dll | | |MonitorFromWindow | | |007B1BDB|SASPlanet.exe|SASPlanet.dpr | | |549[43] | |7C90DCB8|ntdll.dll | | |ZwSetInformationThread | | |--------------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=4024; Priority=-1; Class=TTileDownloaderUI | |--------------------------------------------------------------------------------------------------------------------| |7C90D218|ntdll.dll | | |NtDelayExecution | | |7C8023A0|kernel32.dll | | |SleepEx | | |7C802450|kernel32.dll | | |Sleep | | |7C802446|kernel32.dll | | |Sleep | | |00747FE4|SASPlanet.exe|u_TileDownloaderUI.pas |TTileDownloaderUI |Execute |254[8] | |--------------------------------------------------------------------------------------------------------------------| |Calling Thread: ID=288; Priority=0; Class=; [Main] | |--------------------------------------------------------------------------------------------------------------------| |00747EED|SASPlanet.exe|u_TileDownloaderUI.pas |TTileDownloaderUI |StartThreads |202[4] | |00747ED4|SASPlanet.exe|u_TileDownloaderUI.pas |TTileDownloaderUI |StartThreads |198[0] | |0079BCCE|SASPlanet.exe|frm_Main.pas |TfrmMain |FormActivate |947[222] | |7E3792DE|USER32.dll | | |SendMessageW | | |7E37F406|USER32.dll | | |SendMessageA | | |7E37F3C2|USER32.dll | | |SendMessageA | | |7E37C1E4|USER32.dll | | |DefWindowProcA | | |7E37C17E|USER32.dll | | |DefWindowProcA | | |7E37B11C|USER32.dll | | |SetFocus | | |7E37B112|USER32.dll | | |SetFocus | | |7E379346|USER32.dll | | |IsWindow | | |7E37AF60|USER32.dll | | |ShowWindow | | |7E37AF56|USER32.dll | | |ShowWindow | | |7C9010E0|ntdll.dll | | |RtlLeaveCriticalSection | | |7C917EA8|ntdll.dll | | |LdrGetProcedureAddress | | |7C80AE79|kernel32.dll | | |GetWindowsDirectoryW | | |7C80AE8B|kernel32.dll | | |GetWindowsDirectoryW | | |7E37A6AB|USER32.dll | | |MonitorFromWindow | | |7E37A6BE|USER32.dll | | |MonitorFromWindow | | |007B1BDB|SASPlanet.exe|SASPlanet.dpr | | |549[43] | |7C90DCB8|ntdll.dll | | |ZwSetInformationThread | | ---------------------------------------------------------------------------------------------------------------------- Modules Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00370000|Normaliz.dll |Unicode Normalization DLL |6.0.5441.0 |23552 |2009-01-07 18:20:36|C:\WINDOWS\system32 | |00400000|SASPlanet.exe | | |4809728 |2011-05-08 12:31:56|O:\SASPlanet | |02170000|xpsp2res.dll |Сообщения пакета обновления 2 |5.1.2600.5512 |2929664 |2008-04-13 22:38:20|C:\WINDOWS\system32 | |04010000|YaTraf.dll | | |17408 |2009-08-05 18:22:26|O:\SASPlanet\maps | |05FF0000|msls31.dll |Microsoft Line Services library file |3.10.349.0 |156160 |2009-03-08 04:22:38|C:\WINDOWS\system32 | |07FE0000|PrxerNsp.dll |PrxerNsp |2.60.0.1 |61440 |2007-02-28 16:56:34|C:\WINDOWS\system32 | |08000000|pshook.dll |Punto Switcher hook module |3.1.1.72 |21800 |2009-09-17 14:54:38|C:\Program Files\Yandex\Punto Switcher | |09910000|PrxerDrv.dll |ProxifierDrv |2.70.0.1 |73728 |2007-09-25 15:40:32|C:\WINDOWS\system32 | |0AE10000|IDMShellExt.dll |Internet Download Manager module |6.0.5.3 |68216 |2011-03-02 19:23:36|c:\Program Files\Internet Download Manager | |0AFC0000|MPR.dll |Библиотека маршрутизации для нескольких служб доступа |5.1.2600.5512 |59904 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |0AFE0000|mmfinfo.dll | | |159744 |2007-06-03 11:05:20|C:\Program Files\Haali\MatroskaSplitter | |0B120000|Audiodev.dll |Portable Media Devices Shell Extension |5.2.3802.3802 |484352 |2005-01-28 14:44:28|C:\WINDOWS\system32 | |0B1A0000|WMVCore.DLL |Windows Media Playback/Authoring DLL |10.0.0.3802 |2370296 |2005-01-28 14:44:28|C:\WINDOWS\system32 | |0B3F0000|WMASF.DLL |Windows Media ASF DLL |10.0.0.3802 |224768 |2005-01-28 14:44:28|C:\WINDOWS\system32 | |0B840000|mkunicode.dll | | |23552 |2007-06-03 11:04:14|C:\Program Files\Haali\MatroskaSplitter | |10000000|guard32.dll |COMODO Internet Security |5.3.43550.1216 |285480 |2011-02-12 02:59:18|C:\WINDOWS\system32 | |1F840000|odbcint.dll |Microsoft Data Access - ресурсы ODBC |3.525.1117.0 |98304 |2007-03-28 16:54:24|C:\WINDOWS\system32 | |20000000|xpsp3res.dll |Сообщения пакета обновления 3 |5.1.2600.5512 |742912 |2008-04-13 22:39:52|C:\WINDOWS\system32 | |3F9E0000|wininet.dll |Internet Extensions for Win32 |8.0.6001.18876 |916480 |2009-12-21 23:08:48|C:\WINDOWS\system32 | |3FAD0000|mshtml.dll |Microsoft (R) HTML Viewer |8.0.6001.18876 |5942784 |2009-12-21 23:08:48|C:\WINDOWS\system32 | |40080000|iertutil.dll |Run time utility for Internet Explorer |8.0.6001.18876 |1985536 |2009-12-21 23:08:44|C:\WINDOWS\system32 | |40270000|ieframe.dll |Internet Explorer |8.0.6001.18876 |11070464|2009-12-21 23:08:44|C:\WINDOWS\system32 | |45020000|URLMON.DLL |OLE32 Extensions for Win32 |8.0.6001.18876 |1208832 |2009-12-21 23:08:48|C:\WINDOWS\system32 | |4DD70000|fltlib.dll |Filter Library |5.1.2600.5512 |16896 |2008-04-14 20:10:36|C:\WINDOWS\system32 | |4EBE0000|gdiplus.dll |Microsoft GDI+ |5.2.6001.22319 |1748992 |2009-08-13 17:56:18|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df | |55DF0000|AcSignIcon.dll |AutoCAD component |17.1.51.0 |44648 |2007-02-12 09:12:30|C:\WINDOWS\system32 | |55FE0000|AcSignCore16.dll|AutoCAD component |17.1.51.0 |325736 |2007-02-12 09:06:30|C:\Program Files\Common Files\Autodesk Shared | |5A5B0000|wiashext.dll |Интерфейс пользователя папки оболочки для устройств обработки изображений|5.1.2600.5512 |590848 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |5B260000|UxTheme.dll |Библиотека тем UxTheme (Microsoft) |6.0.2900.5512 |219648 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |5BD50000|NETAPI32.dll |Net Win32 API DLL |5.1.2600.5694 |337408 |2008-10-15 20:37:44|C:\WINDOWS\system32 | |5D070000|ShimEng.dll |Shim Engine DLL |5.1.2600.5512 |65024 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |5F2F0000|olepro32.dll | |5.1.2600.5512 |84992 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |64D00000|snxhk.dll |avast! snxhk |6.0.999.0 |197208 |2011-02-23 19:04:18|C:\Program Files\Alwil Software\Avast5 | |64E40000|ashShell.dll |avast! Shell Extension |6.0.999.0 |122512 |2011-02-23 19:04:12|C:\Program Files\Alwil Software\Avast5 | |68000000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |5.1.2600.5507 |208384 |2008-04-13 21:37:58|C:\WINDOWS\system32 | |698B0000|hnetcfg.dll |Диспетчер конфигурации домашней сети |5.1.2600.5512 |344064 |2008-04-14 20:10:38|C:\WINDOWS\system32 | |6FE10000|AcGenral.DLL |Windows Compatibility DLL |5.1.2600.5512 |1852928 |2008-04-14 20:10:34|C:\WINDOWS\AppPatch | |71A30000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0 |5.1.2600.5625 |247296 |2008-06-20 21:48:24|C:\WINDOWS\system32 | |71A70000|wshtcpip.dll |Windows Sockets Helper DLL |5.1.2600.5512 |19456 |2008-04-14 20:10:48|C:\WINDOWS\System32 | |71A80000|WS2HELP.dll |Модуль поддержки Windows Socket 2.0 для Windows NT |5.1.2600.5512 |19968 |2008-04-14 20:10:48|C:\WINDOWS\system32 | |71A90000|WS2_32.dll |Windows Socket 2.0 32-Bit DLL |5.1.2600.5512 |82432 |2008-04-14 20:10:48|C:\WINDOWS\system32 | |71AB0000|wsock32.dll |32-разрядная библиотека Windows Socket |5.1.2600.5512 |24576 |2008-04-14 20:10:48|C:\WINDOWS\system32 | |71BD0000|SAMLIB.dll |SAM Library DLL |5.1.2600.5512 |64000 |2008-04-14 20:10:44|C:\WINDOWS\System32 | |71BF0000|ntlanman.dll |Microsoft® LAN Manager |5.1.2600.5512 |44032 |2008-04-14 20:10:42|C:\WINDOWS\System32 | |71C60000|NETRAP.dll |Net Remote Admin Protocol DLL |5.1.2600.5512 |11776 |2008-04-14 20:10:42|C:\WINDOWS\System32 | |71C70000|NETUI1.dll |NT LM UI Common Code - Networking classes |5.1.2600.5512 |245760 |2008-04-14 20:10:42|C:\WINDOWS\System32 | |71CB0000|NETUI0.dll |Общие классы GUI для NT LM |5.1.2600.5512 |80896 |2008-04-14 20:10:42|C:\WINDOWS\System32 | |73B60000|sti.dll |Клиентская библиотека устройств неподвижных изображений |5.1.2600.5512 |68608 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |73D30000|shgina.dll |Windows Shell User Logon |6.0.2900.5512 |68096 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |73FB0000|ODBC32.dll |Microsoft Data Access - ODBC Driver Manager |3.525.1132.0 |249856 |2008-04-14 20:10:42|C:\WINDOWS\system32 | |746E0000|MSCTF.dll |Библиотека (DLL) MSCTF-сервера |5.1.2600.5512 |297984 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |74AA0000|CFGMGR32.dll |Configuration Manager Forwarder DLL |5.1.2600.5512 |16896 |2008-04-14 20:08:44|C:\WINDOWS\system32 | |75310000|msctfime.ime |Microsoft Text Frame Work Service IME |5.1.2600.5512 |177152 |2008-04-14 20:09:20|C:\WINDOWS\system32 | |75940000|MSGINA.dll |Библиотека GINA входа в систему Windows NT |5.1.2600.5512 |1000448 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |75DA0000|mlang.dll |Multi Language Support DLL |6.0.2900.5512 |586240 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |75F30000|drprov.dll |Microsoft Terminal Server Network Provider |5.1.2600.5512 |14336 |2008-04-14 20:10:36|C:\WINDOWS\System32 | |75F40000|davclnt.dll |Библиотека клиента Web DAV |5.1.2600.5512 |25600 |2008-04-14 20:10:36|C:\WINDOWS\System32 | |75F50000|browseui.dll |Библиотека интерфейса обозревателя оболочки |6.0.2900.5512 |1025024 |2008-04-14 20:10:34|C:\WINDOWS\system32 | |76330000|WINSTA.dll |Winstation Library |5.1.2600.5512 |53760 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76350000|msimg32.dll |GDIEXT Client DLL |5.1.2600.5512 |4608 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |76360000|imm32.dll |Windows XP IMM32 API Client DLL |5.1.2600.5512 |110080 |2008-04-14 20:10:38|C:\WINDOWS\system32 | |76380000|comdlg32.dll |Библиотека общих диалоговых окон |6.0.2900.5512 |279040 |2008-04-14 20:10:34|C:\WINDOWS\system32 | |765D0000|CSCDLL.dll |Сетевой агент автономного режима |5.1.2600.5512 |102400 |2008-04-14 20:10:36|C:\WINDOWS\System32 | |76650000|CRYPTUI.dll |Интерфейс поставщика доверия |5.131.2600.5512 |514560 |2008-04-14 20:10:36|C:\WINDOWS\system32 | |76770000|cryptdll.dll |Cryptography Manager |5.1.2600.5512 |33280 |2008-04-14 20:10:36|C:\WINDOWS\system32 | |76970000|ntshrui.dll |Расширения оболочки, обеспечивающие доступ к ресурсам |5.1.2600.5512 |144384 |2008-04-14 20:10:42|C:\WINDOWS\system32 | |769A0000|USERENV.dll |Userenv |5.1.2600.5512 |729600 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76B00000|ATL.DLL |ATL Module for Windows XP (Unicode) |3.5.2284.2 |58880 |2009-07-17 23:03:40|C:\WINDOWS\system32 | |76B20000|winmm.dll |MCI API DLL |5.1.2600.5512 |177152 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76BE0000|PSAPI.DLL |Process Status Helper |5.1.2600.5512 |23040 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |76C20000|WINTRUST.dll |Интерфейсы проверки доверия (Microsoft) |5.131.2600.5512 |176640 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76C80000|imagehlp.dll |Windows NT Image Helper |5.1.2600.5512 |144384 |2008-04-14 20:10:38|C:\WINDOWS\system32 | |76D50000|iphlpapi.dll |API модуля поддержки IP |5.1.2600.5512 |95744 |2008-04-14 20:10:38|C:\WINDOWS\system32 | |76E70000|rtutils.dll |Routing Utilities |5.1.2600.5512 |44032 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |76E80000|rasman.dll |Remote Access Connection Manager |5.1.2600.5512 |61440 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |76EA0000|TAPI32.dll |Библиотека API телефонии Microsoft® Windows™ |5.1.2600.5512 |181760 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76ED0000|RASAPI32.dll |API удаленного доступа |5.1.2600.5512 |237056 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |76F10000|DNSAPI.dll |DNS Client API DLL |5.1.2600.5625 |147968 |2008-06-20 21:48:24|C:\WINDOWS\system32 | |76F50000|WLDAP32.dll |Win32 LDAP API DLL |5.1.2600.5512 |172544 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |76FB0000|rasadhlp.dll |Remote Access AutoDial Helper |5.1.2600.5512 |7680 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |76FC0000|CLBCATQ.DLL | |2001.12.4414.700|498688 |2008-04-14 20:10:34|C:\WINDOWS\system32 | |77040000|COMRes.dll | |2001.12.4414.700|797696 |2008-04-14 20:10:36|C:\WINDOWS\system32 | |77110000|oleaut32.dll | |5.1.2600.5512 |551936 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |773C0000|comctl32.dll |User Experience Controls Library |6.0.2900.5512 |1054208 |2008-04-14 20:08:38|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83| |774D0000|ole32.dll |Microsoft OLE для Windows |5.1.2600.5512 |1287168 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |77910000|SETUPAPI.dll |Windows Setup API |5.1.2600.5512 |991744 |2008-04-14 21:40:46|C:\WINDOWS\system32 | |77A10000|cscui.dll |Интерфейс кэширования на стороне клиента |5.1.2600.5512 |330752 |2008-04-14 20:10:36|C:\WINDOWS\System32 | |77A70000|CRYPT32.dll |API32 криптографии |5.131.2600.5512 |602112 |2008-04-14 20:10:36|C:\WINDOWS\system32 | |77B10000|MSASN1.dll |ASN.1 Runtime APIs |5.1.2600.5875 |58880 |2009-09-05 01:04:58|C:\WINDOWS\system32 | |77B30000|apphelp.dll |Application Compatibility Client Library |5.1.2600.5512 |125952 |2008-04-14 20:10:34|C:\WINDOWS\system32 | |77BD0000|MSACM32.dll |Фильтр диспетчера аудиосжатия Microsoft |5.1.2600.5512 |71680 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |77BF0000|version.dll |Version Checking and File Installation Libraries |5.1.2600.5512 |18944 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |77C00000|msvcrt.dll |Windows NT CRT DLL |7.0.2600.5512 |343040 |2008-04-14 20:10:42|C:\WINDOWS\system32 | |77C60000|msv1_0.dll |Microsoft Authentication Package v1.0 |5.1.2600.5876 |136192 |2009-09-11 18:19:22|C:\WINDOWS\system32 | |77DC0000|ADVAPI32.dll |Расширенная библиотека API Windows 32 |5.1.2600.5755 |687616 |2009-02-09 14:54:18|C:\WINDOWS\system32 | |77E70000|RPCRT4.dll |Remote Procedure Call Runtime |5.1.2600.5795 |585216 |2009-04-15 18:53:56|C:\WINDOWS\system32 | |77F10000|GDI32.dll |GDI Client DLL |5.1.2600.5698 |286720 |2008-10-23 16:42:24|C:\WINDOWS\system32 | |77F60000|SHLWAPI.dll |Библиотека небольших программ оболочки |6.0.2900.5912 |474112 |2009-12-08 13:25:26|C:\WINDOWS\system32 | |77FE0000|Secur32.dll |Security Support Provider Interface |5.1.2600.5834 |56832 |2009-06-25 12:27:20|C:\WINDOWS\system32 | |78130000|MSVCR80.dll |Microsoft® C Runtime Library |8.0.50727.4053 |632656 |2009-07-12 01:12:06|C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989 | |782E0000|MFC80U.DLL |MFCDLL Shared Library - Retail Version |8.0.50727.4053 |1093120 |2009-07-11 21:46:20|C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e | |7C420000|MSVCP80.dll |Microsoft® C++ Runtime Library |8.0.50727.4053 |554832 |2009-07-12 01:09:20|C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989 | |7C800000|kernel32.dll |Библиотека клиента Windows NT BASE API |5.1.2600.5781 |995840 |2009-03-21 18:09:06|C:\WINDOWS\system32 | |7C900000|ntdll.dll |Системная библиотека NT |5.1.2600.5755 |718848 |2009-02-09 14:54:16|C:\WINDOWS\system32 | |7C9C0000|shell32.dll |Общая библиотека оболочки Windows |6.0.2900.5622 |8478720 |2008-06-17 23:02:36|C:\WINDOWS\system32 | |7D1E0000|msi.dll |Windows Installer |3.1.4001.5512 |2843136 |2008-04-14 20:10:40|C:\WINDOWS\system32 | |7E1E0000|shdocvw.dll |Библиотека объектов документов и элементов управления оболочки |6.0.2900.5512 |1499136 |2008-04-14 20:10:44|C:\WINDOWS\system32 | |7E360000|USER32.dll |Библиотека клиента USER API Windows XP |5.1.2600.5512 |579072 |2008-04-14 20:10:46|C:\WINDOWS\system32 | |7E690000|SXS.DLL |Fusion 2.5 |5.1.2600.5512 |714240 |2008-04-14 20:10:46|C:\WINDOWS\system32 | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory |Priority|Threads|Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |4 |System | | |73728 |Normal |97 | | |172 |S3trayp.exe |s3contrl (32-bit) |2.0.36.404 |589824 |Normal |1 |C:\WINDOWS\system32 | |188 |AvastSvc.exe |avast! Service |6.0.999.0 |20852736 |Normal |64 |C:\Program Files\Alwil Software\Avast5 | |724 |spoolsv.exe |Spooler SubSystem App |5.1.2600.5512 |1404928 |Normal |12 |C:\WINDOWS\system32 | |736 |GoogleUpdate.exe |Установщик Google |1.2.183.9 |2072576 |Normal |7 |C:\Program Files\Google\Update | |896 |smss.exe | | |61440 |Normal |3 |\SystemRoot\System32 | |980 |winlogon.exe | | |3645440 |High |19 |C:\WINDOWS\system32 | |1024|services.exe |Приложение служб и контроллеров |5.1.2600.5755 |1851392 |Normal |16 |C:\WINDOWS\system32 | |1036|lsass.exe |LSA Shell (Export Version) |5.1.2600.5512 |3108864 |Normal |25 |C:\WINDOWS\system32 | |1108|svchost.exe |Generic Host Process for Win32 Services|5.1.2600.5512 |303104 |Normal |8 |C:\WINDOWS\System32 | |1196|svchost.exe |Generic Host Process for Win32 Services|5.1.2600.5512 |1228800 |Normal |18 |C:\WINDOWS\system32 | |1376|Explorer.EXE |Проводник |6.0.2900.5512 |11182080 |Normal |12 |C:\WINDOWS | |1460|cmdagent.exe |COMODO Internet Security |5.3.45685.1236|1314816 |Normal |32 |C:\Program Files\COMODO\COMODO Internet Security | |1500|svchost.exe |Generic Host Process for Win32 Services|5.1.2600.5512 |14934016 |Normal |77 |C:\WINDOWS\system32 | |1792|svchost.exe |Generic Host Process for Win32 Services|5.1.2600.5512 |1978368 |Normal |6 |C:\WINDOWS\system32 | |1920|avastUI.exe |avast! Antivirus |6.0.999.0 |7008256 |Normal |15 |C:\Program Files\Alwil Software\Avast5 | |1928|cfp.exe |COMODO Internet Security |5.3.45685.1236|5369856 |Normal |28 |C:\Program Files\COMODO\COMODO Internet Security | |1932|CTsvcCDA.exe |Creative Service for CDROM Access |1.0.1.0 |73728 |Normal |2 |C:\WINDOWS\system32 | |1980|CTSysVol.exe |CTSysVol.exe |1.4.8.0 |757760 |Normal |2 |C:\Program Files\Creative\SBAudigy\Surround Mixer | |1992|E_S40RP7.EXE |EPSON Status Monitor 3 |4.0.2.0 |69632 |Normal |3 |C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP| |2028|Rundll32.exe |Запуск библиотеки DLL как приложения |5.1.2600.5512 |385024 |Normal |2 |C:\WINDOWS\system32 | |2052|jusched.exe |Java(TM) Update Scheduler |2.0.3.1 |155648 |Normal |1 |C:\Program Files\Common Files\Java\Java Update | |2060|ctfmon.exe |CTF Loader |5.1.2600.5512 |569344 |Normal |1 |C:\WINDOWS\system32 | |2080|OperaPortable.exe |Opera Portable | |6807552 |Normal |3 |G:\PortableApps\OperaPortable | |2088|CTCMSGoU.exe |Creative MediaSource Go! |5.0.3.0 |1912832 |Normal |1 |C:\Program Files\Creative\MediaSource5\Go | |2100|wcescomm.exe |ActiveSync Connection Manager |4.5.5096.0 |1490944 |Normal |6 |C:\Program Files\Microsoft ActiveSync | |2108|IDMan.exe |Internet Download Manager (IDM) |6.5.14.1 |8658944 |Normal |5 |C:\Program Files\Internet Download Manager | |2144|punto.exe |Punto Switcher |3.1.1.72 |3072000 |Normal |3 |C:\Program Files\Yandex\Punto Switcher | |2184|jqs.exe |Java(TM) Quick Starter Service |6.0.240.7 |1445888 |Low |10 |C:\Program Files\Java\jre6\bin | |2324|rapimgr.exe |ActiveSync RAPI Manager |4.5.5096.0 |1896448 |Normal |6 |C:\PROGRA~1\MICROS~4 | |2528|TrueCrypt.exe |TrueCrypt |7.0.1.0 |6467584 |Normal |1 |G:\PortableApps\TrueCryptRortable | |2548|TOTALCMD.EXE |Total Commander 32 bit |7.5.6.1 |6189056 |Normal |7 |G:\PortableApps\TotalCommanderPortable\App\TotalCommander | |2616|dmaster.exe |Download Master |5.10.1.1267 |21139456 |Normal |6 |C:\Program Files\Download Master | |2680|TotalCommanderPortable.exe|Total Commander Portable | |6819840 |Normal |3 |G:\PortableApps\TotalCommanderPortable | |3140|wmiapsrv.exe |Служба адаптера производительности WMI |5.1.2600.5512 |1298432 |Normal |3 |C:\WINDOWS\system32\wbem | |3360|SASPlanet.exe | | |129708032|Normal |13 |O:\SASPlanet | |3368|opera.exe |Opera Internet Browser |11.1.1190.0 |53538816 |Normal |13 |G:\PortableApps\OperaPortable\App\Opera | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: -------------------------------------------------------------- 00487A1B ret 00487A1C clc 00487A1D jmp ax 00487A1F fstp st(3) 00487A21 idiv edi 00487A23 ret 00487A24 mov ecx, [$7B98A8] 00487A2A mov dl, $01 00487A2C mov eax, dword ptr [EMultiFree] 00487A31 call -$000734D2 00487A36 call -$0008243B ; <-- EXCEPTION 00487A3B ret Registers: ----------------------------- EAX: 0BAD2820 EDI: 0013F870 EBX: 0BAD2820 ESI: 0BAD2820 ECX: 0BAD2800 ESP: 0013EEE0 EDX: 00487A3B EIP: 00487A36 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0013EEE0: 0040A6BB 00487A36: E8 C5 DB F7 FF C3 68 84 BD 7F 00 E8 FE 10 F8 FF ......h......... 0013EEE4: 0013EEF4 00487A46: C3 90 55 8B EC 6A 00 33 C0 55 68 CF 7A 48 00 64 ..U..j.3.Uh.zH.d 0013EEE8: 0040A76F 00487A56: FF 30 64 89 20 A1 B0 29 7F 00 C7 00 4C 71 48 00 .0d. ..)....LqH. 0013EEEC: 02000000 00487A66: A1 50 29 7F 00 C7 00 CC 73 48 00 A1 40 2B 7F 00 .P).....sH..@+.. 0013EEF0: 0BAD26F0 00487A76: C7 00 50 75 48 00 A1 9C 2A 7F 00 C7 00 0C 7A 48 ..PuH...*.....zH 0013EEF4: 0013F8A0 00487A86: 00 A1 80 2F 7F 00 C7 00 24 7A 48 00 8D 45 FC E8 .../....$zH..E.. 0013EEF8: 004030BA 00487A96: DE 18 FE FF 8B 45 FC E8 C2 E6 F7 FF 8B D0 B8 84 .....E.......... 0013EEFC: 00404C4D 00487AA6: BD 7F 00 E8 26 73 F8 FF A1 F0 33 7F 00 C7 00 3C ....&s....3....< 0013EF00: 0BAD2801 00487AB6: 7A 48 00 33 C0 5A 59 59 64 89 10 68 D6 7A 48 00 zH.3.ZYYd..h.zH. 0013EF04: 00405041 00487AC6: 8D 45 FC E8 DA E1 F7 FF C3 E9 88 D9 F7 FF EB F0 .E.............. 0013EF08: 0042B131 00487AD6: 59 5D C3 8D 40 00 55 8B EC 33 C9 51 51 51 51 51 Y]..@.U..3.QQQQQ 0013EF0C: 00000000 00487AE6: 53 56 8B 75 08 33 C0 55 68 06 7C 48 00 64 FF 30 SV.u.3.Uh.|H.d.0 0013EF10: 0013EF38 00487AF6: 64 89 20 E8 86 E5 FF FF 84 C0 0F 84 DC 00 00 00 d. ............. 0013EF14: 00404C93 00487B06: E8 55 E2 FF FF 84 C0 0F 84 CF 00 00 00 C6 05 98 .U.............. 0013EF18: 0041658D 00487B16: BA 7F 00 01 33 DB E8 7B B6 F7 FF 8B 15 CC C0 40 ....3..{.......@ 0013EF1C: 00679434 00487B26: 00 E8 E8 D2 F7 FF 84 C0 74 07 E8 67 B6 F7 FF 8B ........t..g....