EurekaLog 7.4.8.0 RC 1 Application: ------------------------------------------------------------- 1.1 Start Date : Tue, 22 Sep 2020 09:15:56 +0300 1.2 Name/Description: mcclient.exe 1.3 Version Number : 8.1.0.0 1.4 Parameters : /autorun 1.5 Compilation Date: Tue, 1 Sep 2020 17:01:55 +0300 1.6 Up Time : 3 hour(s), 41 minute(s), 56 second(s) Exception: ------------------------------------------------------------------------------------------------------------------- 2.1 Date : Tue, 22 Sep 2020 12:57:53 +0300 2.2 Address : 0040DD50 2.3 Module Name : mcclient.exe 2.4 Module Version: 8.1.0.0 2.5 Type : EInvalidPointer 2.6 Message : Application made attempt to free invalid or unknown memory block: $0B30D5F0 DATA [?] 0 bytes. 2.7 ID : C0C70000 2.8 Count : 1 2.9 Status : New 2.10 Note : 2.11 Sent : 0 User: ------------------------------------------------------- 3.1 ID : userkassa 3.2 Name : касса 3.3 Email : 3.4 Company : 3.5 Privileges: SeLockMemoryPrivilege - OFF SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: ------------------------------------------------------------------------------------------------- 4.1 Form Class : TMainForm 4.2 Form Text : MyChat Client 8.1.0 - Финансовый Казначей [ООО "Восточные Берники"] (В сети) 4.3 Control Class: TRichViewEdit 4.4 Control Text : Computer: ----------------------------------------------------------------------------------------- 5.1 Name : KASSA 5.2 Total Memory : 8448528384 (7,87 Gb) 5.3 Free Memory : 4843347968 (4,51 Gb) 5.4 Total Disk : 185425981440 (172,69 Gb) 5.5 Free Disk : 115228856320 (107,32 Gb) 5.6 System Up Time : 3 hour(s), 43 minute(s), 5 second(s) 5.7 Processor : Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz 5.8 Display Mode : 1920 x 1080, 32 bit 5.9 Display DPI : 120 5.10 Video Card : Intel(R) HD Graphics 4600 (driver 10.18.14.4170 - RAM 1073741824) 5.11 Printer : HP LaserJet Professional M1132 MFP (driver 2012.0929.1.58769) 5.12 Virtual Machine: Operating System: ---------------------------------------------------- 6.1 Type : Microsoft Windows 7 (64 bit) 6.2 Build # : 7601 (6.1.7601.18015) 6.3 Update : Service pack 1 6.4 Language : Russian (0419) 6.5 Charset : 204/1251 6.6 Install Language: Russian (0419) 6.7 UI Language : Russian (0419) Network: --------------------------------- 7.1 IP Address: 192.168.001.079 7.2 Submask : 255.255.255.000 7.3 Gateway : 192.168.001.010 7.4 DNS 1 : 192.168.001.010 7.5 DNS 2 : 000.000.000.000 7.6 DHCP : ON Steps to reproduce: ------------ 8.1 Text: Custom Information: -------------------------------------------------------------------------- 9.1 ServerHWID: 243868887_3373_6-14-10-600000000 9.2 License : COMMERCIAL 9.3 ClientHWID: 453AC43920194843E203A4066A418438201E562B43F42C43405A441A Call Stack Information: ----------------------------------------------------------------------------------------------------------------------------------------------------- |Methods |Details|Stack |Address |Module |Offset |Unit |Class |Procedure/Method |Line | ----------------------------------------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=4260; Parent=0; Priority=0 | |Class=; Name=MAIN | |DeadLock=0; Wait Chain= | |Comment= | |---------------------------------------------------------------------------------------------------------------------------------------------------| |7FFFFFFE|03 |00000000|0040DD55|mcclient.exe|0000DD55|System | |_DynArrayClear | | |00000020|03 |0018F8DC|0040D9F0|mcclient.exe|0000D9F0|System | |DynArrayClear | | |00000020|03 |0018F8E0|0040DA2C|mcclient.exe|0000DA2C|System | |DynArraySetLength | | |00000020|03 |0018F910|0040DC01|mcclient.exe|0000DC01|System | |_DynArraySetLength | | |00000020|03 |0018F918|004DCE0A|mcclient.exe|000DCE0A|System.Classes |TList |SetCapacity | | |00000020|03 |0018F928|004DC998|mcclient.exe|000DC998|System.Classes |TList |Clear | | |00000020|04 |0018F930|0097CD7F|mcclient.exe|0057CD7F|RVTable |TRVTableItemFormattingInfo|Clear |7398[4] | |00000020|04 |0018F93C|0097D1E0|mcclient.exe|0057D1E0|RVTable |TRVTableItemInfo |ClearTemporal |7507[11] | |00000020|04 |0018F94C|0097D13C|mcclient.exe|0057D13C|RVTable |TRVTableItemInfo |Destroy |7485[1] | |00000020|03 |0018F95C|00409464|mcclient.exe|00009464|System |TObject |Free | | |00000020|04 |0018F960|00A7D0FC|mcclient.exe|0067D0FC|CRVData |TCustomRVData |InternalFreeItem |2219[11] | |00000020|04 |0018F970|00A30D41|mcclient.exe|00630D41|CRVFData |TCustomRVFormattedData |InternalFreeItem |10931[9] | |00000020|04 |0018F97C|00A7D17C|mcclient.exe|0067D17C|CRVData |TCustomRVData |FreeItem |2234[7] | |00000020|04 |0018F9A8|00A7D226|mcclient.exe|0067D226|CRVData |TCustomRVData |Clear |2254[12] | |00000020|04 |0018F9B0|00A7D237|mcclient.exe|0067D237|CRVData |TCustomRVData |Clear |2255[13] | |00000020|04 |0018F9DC|00A1CA8A|mcclient.exe|0061CA8A|CRVFData |TCustomRVFormattedData |Clear |975[7] | |00000020|04 |0018F9FC|009DFF3B|mcclient.exe|005DFF3B|RVRVData |TRichViewRVData |Clear |1191[14] | |00000020|04 |0018FA1C|009ED223|mcclient.exe|005ED223|RichView |TCustomRichView |Clear |1954[2] | |00000020|04 |0018FA24|00DC83B9|mcclient.exe|009C83B9|myConversations|TOnePrivateConversation |Render |474[3] | |00000020|04 |0018FA64|00DC7D3E|mcclient.exe|009C7D3E|myConversations|TMyConversations |RenderPrivateConversation |275[5] | |00000020|04 |0018FAA0|01067D25|mcclient.exe|00C67D25|mccadditional | |mcSyncPrivateHistory |835[26] | |00000020|04 |0018FAF0|00E8870B|mcclient.exe|00A8870B|mcparse | |Parser |187[159] | |00000020|04 |0018FB34|011E4747|mcclient.exe|00DE4747|fm_main |TMainForm |EventParse |4354[10] | |00000020|04 |0018FB50|011E37D4|mcclient.exe|00DE37D4|fm_main |TMainForm |WndProc |3869[38] | |00000020|04 |0018FB80|0083036B|mcclient.exe|0043036B|DynamicSkinForm|TspDynamicSkinForm |NewWndProc |19310[1285] | |00000020|03 |0018FCFC|76456D4C|user32.dll |00016D4C|USER32 | | (possible GetThreadDesktop+233) | | |00000020|03 |0018FD28|0062B104|mcclient.exe|0022B104|Vcl.Controls |TWinControl |MainWndProc | | |00000020|03 |0018FD58|004F5388|mcclient.exe|000F5388|System.Classes | |StdWndProc | | |00000020|03 |0018FD70|764562F7|user32.dll |000162F7|USER32 | | (possible gapfnScSendMessage+815)| | |00000020|03 |0018FD9C|76456D35|user32.dll |00016D35|USER32 | | (possible GetThreadDesktop+210) | | |00000020|03 |0018FE14|764577BF|user32.dll |000177BF|USER32 | | (possible CharPrevW+307) | | |00000020|03 |0018FE74|76457885|user32.dll |00017885|USER32 | |DispatchMessageW | | |00000020|03 |0018FE84|006F54FF|mcclient.exe|002F54FF|Vcl.Forms |TApplication |ProcessMessage | | |00000020|03 |0018FEA0|006F5542|mcclient.exe|002F5542|Vcl.Forms |TApplication |HandleMessage | | |00000020|03 |0018FEC4|006F587D|mcclient.exe|002F587D|Vcl.Forms |TApplication |Run | | |00000020|04 |0018FEF4|0120E3F6|mcclient.exe|00E0E3F6|mcclient | |Initialization |489[265] | |00000020|03 |0018FF8C|7621343B|kernel32.dll|0001343B|kernel32 | |BaseThreadInitThunk | | ----------------------------------------------------------------------------------------------------------------------------------------------------- Mosules Information: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|mcclient.exe | |8.1.0.0 |20106488|2020-09-01 17:03:24|C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |0B030000|AntiCAPS.dll | | |1024512 |2020-07-30 16:04:18|C:\Users\userkassa\AppData\Local\MyChat Client\plugins\AntiCAPS\bin\ | |0CAA0000|Beeper.dll | | |1023488 |2020-07-30 16:04:18|C:\Users\userkassa\AppData\Local\MyChat Client\plugins\Beeper\bin\ | |11000000|libeay32.dll |OpenSSL Shared Library |1.0.2.14 |1371136 |2017-12-07 17:08:22|C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |12000000|ssleay32.dll |OpenSSL Shared Library |1.0.2.14 |337920 |2017-12-07 17:08:22|C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |66EC0000|GrooveUtil.DLL |GrooveUtil Module |12.0.6606.1000 |967008 |2011-07-27 05:14:02|C:\Program Files (x86)\Microsoft Office\Office12\ | |66FC0000|GrooveShellExtensions.dll |GrooveShellExtensions Module |12.0.6500.5000 |2217832 |2009-02-26 18:36:54|C:\Program Files (x86)\Microsoft Office\Office12\ | |671E0000|EhStorShell.dll |Библиотека DLL расширения оболочки Windows Enhanced Storage |6.1.7600.16385 |189952 |2009-07-14 04:15:14|C:\Windows\System32\ | |67220000|IconCodecService.dll |Converts a PNG part of the icon to a legacy bmp icon |6.1.7600.16385 |9728 |2009-07-14 04:15:27|C:\Windows\System32\ | |67230000|ATL80.dll |ATL Module for Windows (Unicode) |8.0.50727.6195 |97280 |2015-07-14 13:58:30|C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ | |67250000|GrooveNew.DLL |GrooveNew Module |12.0.6500.5000 |21856 |2009-02-26 18:36:48|C:\Program Files (x86)\Microsoft Office\Office12\ | |67260000|WindowsCodecs.dll |Microsoft Windows Codecs Library |6.2.9200.21830 |1230848 |2016-04-09 07:20:04|C:\Windows\System32\ | |69E70000|slc.dll |Software Licensing Client DLL |6.1.7600.16385 |27136 |2009-07-14 04:16:15|C:\Windows\System32\ | |69F90000|ntshrui.dll |Расширения оболочки, обеспечивающие доступ к ресурсам |6.1.7601.17755 |442880 |2012-01-04 11:58:41|C:\Windows\System32\ | |6A6F0000|AudioSes.dll |Сеанс обработки звука |6.1.7601.23471 |195072 |2016-06-14 18:21:18|C:\Windows\System32\ | |6A730000|MMDevAPI.dll |MMDevice API |6.1.7601.17514 |213504 |2010-11-20 03:19:40|C:\Windows\System32\ | |6AF80000|cscapi.dll |Offline Files Win32 API |6.1.7601.17514 |34816 |2010-11-20 03:18:26|C:\Windows\System32\ | |6B060000|dhcpcsvc.dll |Служба DHCP-клиента |6.1.7600.16385 |61952 |2009-07-14 04:15:11|C:\Windows\System32\ | |6B190000|shdocvw.dll |Библиотека объектов документов и элементов управления оболочки|6.1.7601.23896 |180224 |2017-08-19 18:10:53|C:\Windows\System32\ | |6B2E0000|browcli.dll |Browser Service Client DLL |6.1.7601.17887 |41984 |2012-07-05 00:14:34|C:\Windows\System32\ | |6BDF0000|linkinfo.dll |Windows Volume Tracking |6.1.7600.16385 |22016 |2009-07-14 04:15:36|C:\Windows\System32\ | |6BE00000|dhcpcsvc6.DLL |Клиент DHCPv6 |6.1.7601.17970 |44032 |2012-10-09 20:40:31|C:\Windows\System32\ | |6BE10000|winrnr.dll |LDAP RnR Provider DLL |6.1.7600.16385 |20992 |2009-07-14 04:16:19|C:\Windows\System32\ | |6BE20000|pnrpnsp.dll |Поставщик пространства имен PNRP |6.1.7600.16385 |65024 |2009-07-14 04:16:12|C:\Windows\System32\ | |6BFA0000|powrprof.dll |DLL модуля поддержки профиля управления питанием |6.1.7600.16385 |145408 |2009-07-14 04:16:12|C:\Windows\System32\ | |6BFD0000|NapiNSP.dll |Поставщик оболочки совместимости для имен электронной почты |6.1.7600.16385 |52224 |2009-07-14 04:16:02|C:\Windows\System32\ | |6BFE0000|avrt.dll |Multimedia Realtime Runtime |6.1.7600.16385 |14336 |2009-07-14 04:14:58|C:\Windows\System32\ | |6BFF0000|samcli.dll |Security Accounts Manager Client DLL |6.1.7601.17514 |51200 |2010-11-20 03:21:06|C:\Windows\System32\ | |6C000000|wkscli.dll |Workstation Service Client DLL |6.1.7601.17514 |47104 |2010-11-20 03:21:38|C:\Windows\System32\ | |6C010000|srvcli.dll |Server Service Client DLL |6.1.7601.17514 |90112 |2010-11-20 03:21:28|C:\Windows\System32\ | |6C030000|netutils.dll |Net Win32 API Helpers DLL |6.1.7601.17514 |22528 |2010-11-20 03:20:30|C:\Windows\System32\ | |6C040000|netapi32.dll |Net Win32 API DLL |6.1.7601.17887 |57344 |2012-07-05 00:16:56|C:\Windows\System32\ | |6C060000|oleacc.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2011-08-27 07:26:27|C:\Windows\System32\ | |6C0A0000|bass.dll |BASS |2.4.14.0 |127669 |2019-01-16 15:34:32|C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |6C220000|nlaapi.dll |Network Location Awareness 2 |6.1.7601.24000 |52224 |2018-01-01 05:00:07|C:\Windows\System32\ | |6C540000|msacm32.dll |Фильтр диспетчера аудиосжатия Microsoft |6.1.7600.16385 |72192 |2009-07-14 04:15:42|C:\Windows\System32\ | |6C560000|propsys.dll |Система страниц свойств (Microsoft) |7.0.7601.17514 |988160 |2010-11-20 03:20:58|C:\Windows\System32\ | |6C660000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 04:16:20|C:\Windows\System32\ | |6C670000|idndl.dll |Downlevel DLL |6.1.7600.16385 |33792 |2009-07-14 04:15:27|C:\Windows\System32\ | |6C9D0000|GdiPlus.dll |Microsoft GDI+ |6.1.7601.23894 |1629696 |2017-08-16 18:10:13|C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_5c0be957a009922e\ | |6E880000|hunspelldll.dll | | |223232 |2006-05-27 16:34:22|C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |6F8C0000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-20 03:21:38|C:\Windows\System32\ | |6FA00000|mpr.dll |Библиотека маршрутизации для нескольких служб доступа |6.1.7600.16385 |64000 |2009-07-14 04:15:41|C:\Windows\System32\ | |6FCB0000|apphelp.dll |Клиентская библиотека совместимости приложений |6.1.7601.19050 |295936 |2015-10-29 20:49:58|C:\Windows\System32\ | |6FDE0000|wship6.dll |Библиотека DLL помощника Winsock2 (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 04:16:20|C:\Windows\System32\ | |6FDF0000|WSHTCPIP.DLL |Библиотека DLL помощника службы Winsock2 (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 04:16:20|C:\Windows\System32\ | |6FE00000|mswsock.dll |Расширение поставщика службы API Microsoft Windows Sockets 2.0|6.1.7601.23451 |231424 |2016-05-11 18:19:16|C:\Windows\System32\ | |6FE50000|winsta.dll |Winstation Library |6.1.7601.18540 |157696 |2014-07-17 04:40:03|C:\Windows\System32\ | |70510000|comctl32.dll |Библиотека общих элементов управления |5.82.7601.18837 |530432 |2015-04-24 20:56:58|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\| |72A30000|msvcr80.dll |Microsoft® C Runtime Library |8.0.50727.6195 |632656 |2015-07-14 13:58:32|C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\ | |73720000|rsaenh.dll |Microsoft Enhanced Cryptographic Provider |6.1.7600.16385 |242936 |2009-07-14 04:17:54|C:\Windows\System32\ | |73760000|cpadvai.dll |Модуль исправления функционирования advapi32 |4.0.5233.0 |64640 |2018-02-22 05:18:36|C:\Program Files (x86)\Common Files\Crypto Pro\AppCompat\ | |73770000|cryptsp.dll |Cryptographic Service Provider API |6.1.7601.23471 |80896 |2016-06-14 18:21:20|C:\Windows\System32\ | |73790000|ntmarta.dll |Поставщик Windows NT MARTA |6.1.7600.16385 |121856 |2009-07-14 04:16:11|C:\Windows\System32\ | |738A0000|cpcrypt.dll |Модуль исправления функционирования crypt32 |4.0.5228.0 |105176 |2018-02-22 05:18:38|C:\Program Files (x86)\Common Files\Crypto Pro\AppCompat\ | |738C0000|detoured.dll |Marks process affected by Microsoft Research Detours Package |2.1.317.0 |29832 |2018-02-22 05:18:38|C:\Program Files (x86)\Common Files\Crypto Pro\AppCompat\ | |738D0000|cpwinet.dll |Модуль исправления функционирования wininet.dll |4.0.4766.0 |38296 |2018-02-21 00:17:10|C:\Program Files (x86)\Common Files\Crypto Pro\AppCompat\ | |738E0000|winnsi.dll |Network Store Information RPC interface |6.1.7601.23889 |16384 |2017-08-11 09:19:44|C:\Windows\System32\ | |738F0000|IPHLPAPI.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-20 03:19:24|C:\Windows\System32\ | |73910000|winspool.drv |Драйвер диспетчера очереди Windows |6.1.7601.17514 |320000 |2010-11-20 03:16:52|C:\Windows\System32\ | |73970000|comctl32.dll |Библиотека элементов управления взаимодействия с пользователем|6.10.7601.18837 |1680896 |2015-04-24 20:54:13|C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\ | |73B10000|wtsapi32.dll |Windows Remote Desktop Session Host Server SDK APIs |6.1.7601.17514 |40448 |2010-11-20 03:21:40|C:\Windows\System32\ | |73B20000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 04:16:17|C:\Windows\System32\ | |747F0000|dwmapi.dll |Интерфейс API диспетчера окон рабочего стола (Майкрософт) |6.1.7601.18917 |67584 |2015-07-09 20:42:54|C:\Windows\System32\ | |74910000|olepro32.dll | |6.1.7601.23452 |90624 |2016-05-12 18:18:31|C:\Windows\System32\ | |74940000|FWPUCLNT.DLL |API пользовательского режима FWP/IPsec |6.1.7601.24000 |216576 |2018-01-01 05:00:02|C:\Windows\System32\ | |74980000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 04:16:12|C:\Windows\System32\ | |74990000|dnsapi.dll |Динамическая библиотека API DNS-клиента |6.1.7601.17570 |270336 |2011-03-03 08:38:01|C:\Windows\System32\ | |74B20000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 04:15:44|C:\Windows\System32\ | |74B30000|uxtheme.dll |Библиотека тем UxTheme (Microsoft) |6.1.7600.16385 |245760 |2009-07-14 04:11:24|C:\Windows\System32\ | |753D0000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7601.24059 |36352 |2018-03-09 05:22:01|C:\Windows\SysWOW64\ | |753E0000|sspicli.dll |Security Support Provider Interface |6.1.7601.24059 |96768 |2018-03-09 05:43:46|C:\Windows\SysWOW64\ | |75440000|shlwapi.dll |Библиотека небольших программ оболочки |6.1.7601.17514 |350208 |2010-11-20 03:21:20|C:\Windows\SysWOW64\ | |754A0000|msctf.dll |Серверная библиотека MSCTF |6.1.7601.23915 |830464 |2017-09-13 18:09:01|C:\Windows\SysWOW64\ | |75570000|shell32.dll |Общая библиотека оболочки Windows |6.1.7601.24000 |12880384|2018-01-01 05:00:12|C:\Windows\SysWOW64\ | |761C0000|api-ms-win-downlevel-shlwapi-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |9728 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |76200000|kernel32.dll |Библиотека клиента Windows NT BASE API |6.1.7601.24059 |1114112 |2018-03-09 05:43:46|C:\Windows\SysWOW64\ | |76310000|crypt32.dll |API32 криптографии |6.1.7601.23769 |1176064 |2017-04-12 18:25:04|C:\Windows\SysWOW64\ | |76440000|user32.dll |Многопользовательская библиотека клиента USER API Windows |6.1.7601.23594 |833024 |2016-11-10 19:19:40|C:\Windows\SysWOW64\ | |76540000|devobj.dll |Device Information Set DLL |6.1.7601.17621 |64512 |2011-05-24 13:40:05|C:\Windows\SysWOW64\ | |76560000|cfgmgr32.dll |Configuration Manager DLL |6.1.7601.17621 |145920 |2011-05-24 13:39:38|C:\Windows\SysWOW64\ | |76590000|msasn1.dll |ASN.1 Runtime APIs |6.1.7601.17514 |34304 |2010-11-20 03:19:46|C:\Windows\SysWOW64\ | |765A0000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7601.18869 |92160 |2015-05-25 21:01:39|C:\Windows\SysWOW64\ | |765C0000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |765D0000|api-ms-win-downlevel-ole32-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |5632 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |76640000|setupapi.dll |Windows Setup API |6.1.7601.17514 |1667584 |2010-11-20 03:21:16|C:\Windows\SysWOW64\ | |767E0000|ws2_32.dll |32-разрядная библиотека Windows Socket 2.0 |6.1.7601.23451 |206336 |2016-05-11 18:19:26|C:\Windows\SysWOW64\ | |76820000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 10:52:58|C:\Windows\SysWOW64\ | |768D0000|psapi.dll |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 04:16:12|C:\Windows\SysWOW64\ | |768E0000|userenv.dll |Userenv |6.1.7601.17514 |81920 |2010-11-20 03:21:34|C:\Windows\SysWOW64\ | |76900000|urlmon.dll |Расширения OLE32 для Win32 |11.0.9600.18894 |1313792 |2017-12-29 20:15:44|C:\Windows\SysWOW64\ | |76A50000|usp10.dll |Uniscribe Unicode script processor |1.626.7601.23894 |629760 |2017-08-16 18:10:30|C:\Windows\SysWOW64\ | |76AF0000|ole32.dll |Microsoft OLE для Windows |6.1.7601.24000 |1417728 |2018-01-01 05:00:09|C:\Windows\SysWOW64\ | |76C50000|api-ms-win-downlevel-normaliz-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |2560 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |76C60000|clbcatq.dll |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 04:15:03|C:\Windows\SysWOW64\ | |76D80000|KERNELBASE.dll |Библиотека клиента Windows NT BASE API |6.1.7601.24059 |275456 |2018-03-09 05:43:46|C:\Windows\SysWOW64\ | |76DD0000|gdi32.dll |GDI Client DLL |6.1.7601.23914 |312832 |2017-09-08 18:10:06|C:\Windows\SysWOW64\ | |76E60000|api-ms-win-downlevel-user32-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |4096 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |76E70000|nsi.dll |NSI User-mode interface DLL |6.1.7601.23889 |8704 |2017-08-11 09:19:39|C:\Windows\SysWOW64\ | |76E80000|oleaut32.dll | |6.1.7601.23775 |581632 |2017-04-17 18:12:24|C:\Windows\SysWOW64\ | |76F20000|advapi32.dll |Расширенная библиотека API Windows 32 |6.1.7601.24059 |644096 |2018-03-09 05:43:39|C:\Windows\SysWOW64\ | |76FD0000|api-ms-win-downlevel-version-l1-1-0.dll |ApiSet Stub DLL |6.2.9200.16492 |3072 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |76FE0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |119808 |2010-11-20 03:08:52|C:\Windows\System32\ | |77040000|lpk.dll |Language Pack |6.1.7601.23974 |25600 |2017-12-13 19:11:51|C:\Windows\SysWOW64\ | |77050000|imagehlp.dll |Windows NT Image Helper |6.1.7601.18288 |159232 |2013-10-19 04:36:59|C:\Windows\SysWOW64\ | |77080000|Wldap32.dll |Win32 LDAP API DLL |6.1.7601.23889 |271360 |2017-08-11 09:19:44|C:\Windows\SysWOW64\ | |770D0000|wininet.dll |Расширения Интернета для Win32 |11.0.9600.18894 |2767872 |2017-12-29 20:19:21|C:\Windows\SysWOW64\ | |77380000|normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 04:09:00|C:\Windows\SysWOW64\ | |77390000|iertutil.dll |Run time utility for Internet Explorer |11.0.9600.18894 |2294272 |2017-12-29 21:09:59|C:\Windows\SysWOW64\ | |775D0000|rpcrt4.dll |Библиотека удаленного вызова процедур |6.1.7601.24059 |666112 |2018-03-09 05:43:46|C:\Windows\SysWOW64\ | |776C0000|api-ms-win-downlevel-advapi32-l1-1-0.dll|ApiSet Stub DLL |6.2.9200.16492 |10752 |2015-07-13 20:31:46|C:\Windows\SysWOW64\ | |776D0000|comdlg32.dll |Библиотека общих диалоговых окон |6.1.7601.17514 |485888 |2010-11-20 03:18:24|C:\Windows\SysWOW64\ | |77B30000|ntdll.dll |Системная библиотека NT |6.1.7601.24059 |1314064 |2018-03-09 05:47:00|C:\Windows\SysWOW64\ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory |Priority |Threads|Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |4 | | |4 |System | | |6066176 |Normal |161 | | |384 |smss.exe | | |1593344 |Normal |2 |C:\Windows\System32\ | |472 |audiodg.exe | | |22908928 |Normal |9 |C:\Windows\System32\ | |556 |csrss.exe | | |0 |High |10 | | |568 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |169615360|Normal |22 |C:\Windows\System32\ | |608 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |22802432 |Normal |17 |C:\Windows\System32\ | |644 |wininit.exe |Автозагрузка приложений Windows |6.1.7600.16385 |5894144 |High |3 |C:\Windows\System32\ | |652 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |38281216 |Normal |36 |C:\Windows\System32\ | |668 |csrss.exe | | |0 |High |12 | | |684 |RtkNGUI64.exe |Диспетчер Realtek HD |1.0.383.1 |11644928 |Normal |12 |C:\Program Files\Realtek\Audio\HDA\ | |716 |winlogon.exe | | |9801728 |High |3 |C:\Windows\System32\ | |744 |services.exe | | |10752000 |Normal |9 |C:\Windows\System32\ | |772 |lsass.exe | | |20234240 |Normal |9 |C:\Windows\System32\ | |780 |lsm.exe | | |6295552 |Normal |10 |C:\Windows\System32\ | |880 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |12054528 |Normal |11 |C:\Windows\System32\ | |948 |svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |11182080 |Normal |7 |C:\Windows\System32\ | |1020|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |24260608 |Normal |22 |C:\Windows\System32\ | |1060|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |8859648 |Normal |5 |C:\Windows\System32\ | |1148|igfxCUIService.exe | | |8802304 |Normal |6 |C:\Windows\System32\ | |1272|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |23379968 |Normal |27 |C:\Windows\System32\ | |1440|spoolsv.exe | | |22233088 |Normal |17 |C:\Windows\System32\ | |1468|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |12627968 |Normal |27 |C:\Windows\System32\ | |1532|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |7122944 |Normal |6 |C:\Windows\System32\ | |1600|dataserv.exe |PowerChute Data Service |3.0.2.0 |28241920 |Normal |10 |C:\Program Files (x86)\APC\PowerChute Personal Edition\ | |1636|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |18894848 |Normal |19 |C:\Windows\System32\ | |1740|mainserv.exe |Battery Backup Management Service |3.0.2.0 |10362880 |Normal |4 |C:\Program Files (x86)\APC\PowerChute Personal Edition\ | |1832|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |15048704 |Normal |7 |C:\Windows\System32\ | |1868|dwservice.exe |Dr.Web Control Service |12.10.0.5221 |149704704|Normal |88 |C:\Program Files\DrWeb\ | |1920|es-service.exe |Dr.Web ES Service |12.10.0.7240 |31047680 |Normal |26 |C:\Program Files\DrWeb\ | |1960|WUDFHost.exe | | |0 |Normal |8 | | |1976|eTSrv.exe |eToken service application |5.1.66.0 |7626752 |Normal |5 |C:\Program Files\Aladdin\eToken\PKIClient\x64\ | |2000|MonitorSvc.exe | | |9822208 |Normal |6 |C:\Program Files (x86)\JC-WebClient\ | |2100|svchost.exe |Хост-процесс для служб Windows |6.1.7600.16385 |5935104 |Below-Normal|4 |C:\Windows\System32\ | |2404|start.exe | | |14163968 |Normal |6 |F:\ | |2416|WUDFHost.exe | | |0 |Normal |8 | | |2460|IAStorIcon.exe |IAStorIcon |13.0.3.1001 |40493056 |Normal |7 |C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ | |2584|WUDFHost.exe | | |0 |Normal |8 | | |2916|dwwatcher.exe |Dr.Web Scanning Watcher |12.5.4.6100 |524288 |Normal |2 |C:\Program Files\Common Files\Doctor Web\Scanning Engine\ | |2956|dwengine.exe |Dr.Web Scanning Engine |12.5.4.6100 |454025216|Normal |26 |C:\Program Files\Common Files\Doctor Web\Scanning Engine\ | |3028|IAStorDataMgrSvc.exe |IAStorDataSvc |13.0.3.1001 |47353856 |Normal |8 |C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ | |3036|dwarkdaemon.exe |Dr.Web Anti-Rootkit Server |12.5.4.6100 |156532736|Normal |34 |C:\Program Files\Common Files\Doctor Web\Scanning Engine\ | |3076|dwnetfilter.exe |Dr.Web Net filtering service |12.5.5.7143 |51859456 |Normal |22 |C:\Program Files\DrWeb\ | |3412|taskhost.exe | | |32854016 |Normal |11 |C:\Windows\System32\ | |3452|PKIMonitor.exe |PKIMonitor Application |5.1.66.0 |15523840 |Normal |12 |C:\Program Files\Aladdin\eToken\PKIClient\x64\ | |3608|spideragent.exe |SpIDer Agent for Windows |12.10.0.6140 |20078592 |Normal |9 |C:\Program Files\DrWeb\ | |3728|NokiaSuite.exe |Nokia Suite |3.8.54.0 |44158976 |Normal |62 |C:\Program Files (x86)\Nokia\Nokia Suite\ | |3840|igfxTray.exe | | |10170368 |Normal |4 |C:\Windows\System32\ | |3852|PresentationFontCache.exe|PresentationFontCache.exe |3.0.6920.5011 |20783104 |Normal |6 |C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ | |3860|igfxEM.exe | | |11657216 |Normal |5 |C:\Windows\System32\ | |3864|JC-WebClient.exe |JC-WebClient.exe |4.0.0.1186 |17768448 |Normal |19 |C:\Program Files (x86)\JC-WebClient\ | |3872|igfxHK.exe | | |9498624 |Normal |4 |C:\Windows\System32\ | |3948|bssPluginHostGPB.exe |BSS system file |3.20.2.1920 |22106112 |Normal |5 |C:\Users\userkassa\AppData\Roaming\BSS\BSSPluginGPB\ | |3968|bssPluginHost.exe |BSS system file |3.20.2.1760 |22175744 |Normal |6 |C:\Users\userkassa\AppData\Roaming\BSS\BSSPlugin\ | |3988|dwm.exe | | |42561536 |High |5 |C:\Windows\System32\ | |4072|explorer.exe |Проводник |6.1.7601.23537 |69386240 |Normal |22 |C:\Windows\ | |4196|SearchIndexer.exe |Индексатор службы Microsoft Windows Search |7.0.7601.23930 |26730496 |Normal |15 |C:\Windows\System32\ | |4256|mcclient.exe | |8.1.0.0 |140218368|Normal |13 |C:\Users\userkassa\AppData\Local\NSS\MyChat Client\ | |4416|jusched.exe |Java Update Scheduler |2.8.111.14 |9490432 |Normal |2 |C:\Program Files (x86)\Common Files\Java\Java Update\ | |4512|ServiceLayer.exe |ServiceLayer Module |12.0.109.0 |9211904 |Normal |13 |C:\Program Files (x86)\PC Connectivity Solution\ | |4568|wmpnetwk.exe |Служба общих сетевых ресурсов проигрывателя Windows Media|12.0.7601.17514|8998912 |Normal |11 |C:\Program Files\Windows Media Player\ | |4580|NclUSBSrv64.exe |USB Media Server |12.0.109.0 |5644288 |High |4 |C:\Program Files (x86)\PC Connectivity Solution\Transports\| |4836|apcsystray.exe |PowerChute System Tray Power Icon |3.0.2.0 |10051584 |Normal |5 |C:\Program Files (x86)\APC\PowerChute Personal Edition\ | |4860|dwantispam.exe |Dr.Web Anti-Spam |12.5.4.6100 |311296 |Normal |5 |C:\Program Files\Common Files\Doctor Web\Scanning Engine\ | |5032|NclMSBTSrvEx.exe |Microsoft Bluetooth Media Server |12.0.109.0 |6295552 |High |3 |C:\Program Files (x86)\PC Connectivity Solution\Transports\| |5084|jucheck.exe |Java Update Checker |2.8.111.14 |16416768 |Normal |7 |C:\Program Files (x86)\Common Files\Java\Java Update\ | |5448|WUDFHost.exe | | |0 |Normal |10 | | |5496|iexplore.exe |Internet Explorer |11.0.9600.18894|65810432 |Normal |14 |C:\Program Files\Internet Explorer\ | |5608|WUDFHost.exe | | |0 |Normal |8 | | |5628|WUDFHost.exe | | |0 |Normal |8 | | |6100|WUDFHost.exe | | |0 |Normal |8 | | |6300|iexplore.exe |Internet Explorer |11.0.9600.18894|661487616|Normal |34 |C:\Program Files (x86)\Internet Explorer\ | |7028|WmiPrvSE.exe | | |0 |Normal |5 | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: ------------------------------------------------------------------------ ; Base Address: $40D000, Allocation Base: $400000, Region Size: 14688256 ; Allocation Protect: PAGE_EXECUTE_WRITECOPY, Protect: PAGE_EXECUTE_READ ; State: MEM_COMMIT, Type: MEM_IMAGE ; ; ; System._DynArrayClear (Line=0 - Offset=40) ; ------------------------------------------ 0040DD48 098B1250E8F7 OR [EBX-$0817AFEE], ECX 0040DD4E ?? ; unaccessible location Registers: ----------------------------- EAX: ???? EDI: ???? EBX: ???? ESI: ???? ECX: ???? EBP: ???? EDX: ???? ESP: ???? EIP: ???? FLG: ???? EXP: 0040DD50 STK: 0018ED44 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0018ED80: 00000000 0040DD50: FF 58 83 E8 08 E8 06 8E FF FF 58 C3 53 8B 18 85 .X........X.S... 0018ED7C: 00000000 0040DD60: D2 74 04 F0 FF 42 F8 85 DB 74 14 F0 FF 4B F8 75 .t...B...t...K.u 0018ED78: 00000000 0040DD70: 0E 50 52 89 CA FF 43 F8 E8 A3 FF FF FF 5A 58 89 .PR...C......ZX. 0018ED74: 00000000 0040DD80: 10 5B C3 90 85 C0 74 04 F0 FF 40 F8 C3 8D 40 00 .[....t...@...@. 0018ED70: 00000000 0040DD90: 55 8B EC 53 56 57 55 89 D6 8B 7D 08 89 C5 31 DB U..SVWU...}...1. 0018ED6C: 00000000 0040DDA0: 85 C9 7D 07 85 ED 74 20 8B 6D 00 31 C0 8A 47 01 ..}...t .m.1..G. 0018ED68: 00000000 0040DDB0: 01 C7 8B 04 9E F7 67 02 8B 7F 06 85 FF 74 02 8B ......g......t.. 0018ED64: 10322C14 0040DDC0: 3F 01 C5 43 39 CB 7E DC 89 E8 5D 5F 5E 5B 5D C2 ?..C9.~...]_^[]. 0018ED60: 0FE40111 0040DDD0: 04 00 8B C0 33 D2 85 C0 74 0F 0F B6 48 01 01 C8 ....3...t...H... 0018ED5C: 10300A0C 0040DDE0: 8B 48 06 85 C9 74 02 8B 11 8B C2 C3 53 56 8B D8 .H...t......SV.. 0018ED58: 77DAC511 0040DDF0: 33 F6 EB 0A 46 8B C3 E8 D8 FF FF FF 8B D8 85 DB 3...F........... 0018ED54: 10300A0C 0040DE00: 74 05 80 3B 11 74 ED 8B C6 5E 5B C3 85 C0 74 03 t..;.t...^[...t. 0018ED50: 0FE40011 0040DE10: 8B 40 FC C3 53 56 57 55 83 C4 F8 C6 04 24 01 8B .@..SVWU.....$.. 0018ED4C: 103009D4 0040DE20: D8 8B C2 E8 C4 FF FF FF 48 85 C0 7E 42 89 44 24 ........H..~B.D$ 0018ED48: 102F4EDC 0040DE30: 04 85 DB 74 34 8B C3 E8 D0 FF FF FF 8B F0 8B 03 ...t4........... 0018ED44: 10325DAC 0040DE40: E8 C7 FF FF FF 8B E8 4E 85 F6 7E 1B BF 01 00 00 .......N..~.....