1

Topic: Kompas Antivirus 3.2.0

In this latest version, support for use on Windows 10 is now available. To keep novice users from deleting Windows system files that are infected by a virus (PE infector), Kompas will notify the user of an infected or corrupt system when the program has just been started.

In previous versions Kompas could not scan large files. Now the size of scanned files can reach 100 MB without affecting scan speed.


What's New (06 June 2015)
----------------------------------
- Support for Windows 10.
- Automatic notification at startup if system files are infected by a virus or corrupt.
- Support for scanning files up to 100 MB in size.
- Fixed scanning of executable files with Zero Entry Point.
- Added scan notification for removable media.
- Fixed a bug in Quarantine and Exception when reading Unicode characters.
- Minor bug fixes.

2

Re: Kompas Antivirus 3.2.0

My KompasAV is registered as Pro. When downloading Zemana, there was a file option of Save As or Flashgot. I chose the Flashgot option, with the download option set to use Internet Download Manager. I checked and KompasAV's RTP was active; I disabled RTP. I downloaded again and an error appeared in KompasAV. I clicked Continue, but it never finished. Here is the log:

date/time          : 2015-06-10, 19:34:22, 879ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 1 second
program up time    : 2 minutes 53 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 994/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,82 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 48,37 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $00000000, $00000000, $c205d3d1
count              : 16
exception number   : 49
exception class    : Unknown
exception message  : Unknown.

thread $7c8:
772f654a +0a ntdll.dll     NtWaitForMultipleObjects
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a50:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $870:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $91c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $8e0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $90c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $9c0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a7c:
772f531a +0a ntdll.dll                NtDelayExecution
754f1870 +4f KERNELBASE.dll           SleepEx
754f1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $91c at:
75bbda8e +00 ole32.dll

thread $788 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $78c:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $a70: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $9c4:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $2e0: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $280 (TDirWatchThread):
772f654a +0a ntdll.dll                             NtWaitForMultipleObjects
754f6a88 +00 KERNELBASE.dll                        WaitForMultipleObjectsEx
7746be29 +89 kernel32.dll                          WaitForMultipleObjectsEx
7746be97 +13 kernel32.dll                          WaitForMultipleObjects
005dbd3a +9e KompasAV.exe   DirWatch       181 +12 TDirWatchThread.Execute
004cb8b3 +2b KompasAV.exe   madExcept              HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes         ThreadProc
00408128 +28 KompasAV.exe   System          14  +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept              CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept              ThreadExceptFrame
7746ee1a +10 kernel32.dll                          BaseThreadInitThunk
>> created by main thread ($c4c) at:
005dbf73 +8b KompasAV.exe   DirWatch       292 +33 TDirWatchThread.Create

thread $34c (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $bac (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $acc:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cb8 (TValKey):
772f531a +0a ntdll.dll                           NtDelayExecution
754f1870 +4f KERNELBASE.dll                      SleepEx
754f1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
7746ee1a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($c4c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $820:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cec:
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718d23 +017 KompasAV.exe   madCodeHook 503 +0 LpcWorkerThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by thread $2e0 at:
00718f3b +173 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread

thread $2e8:
772f656a +0a ntdll.dll                NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll           WaitForSingleObjectEx
7746c3ce +3e kernel32.dll             WaitForSingleObjectEx
7746c37d +0d kernel32.dll             WaitForSingleObject
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $9c0 at:
76bd25a7 +00 wininet.dll

date/time          : 2015-06-10, 19:34:23, 964ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 2 seconds
program up time    : 2 minutes 54 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1000/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,82 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 44,42 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $854b44c0, $43c58cd9
count              : 24
exception number   : 52
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +91 KompasAV.exe uVenom 3302 +4 TForm1.OnNotify

thread $7c8:
772f654a +0a ntdll.dll     NtWaitForMultipleObjects
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $870:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $91c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $8e0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $90c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $9c0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a7c:
772f531a +0a ntdll.dll                NtDelayExecution
754f1870 +4f KERNELBASE.dll           SleepEx
754f1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $91c at:
75bbda8e +00 ole32.dll

thread $788 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $78c:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $a70: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $9c4:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $2e0: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $280 (TDirWatchThread):
772f654a +0a ntdll.dll                             NtWaitForMultipleObjects
754f6a88 +00 KERNELBASE.dll                        WaitForMultipleObjectsEx
7746be29 +89 kernel32.dll                          WaitForMultipleObjectsEx
7746be97 +13 kernel32.dll                          WaitForMultipleObjects
005dbd3a +9e KompasAV.exe   DirWatch       181 +12 TDirWatchThread.Execute
004cb8b3 +2b KompasAV.exe   madExcept              HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes         ThreadProc
00408128 +28 KompasAV.exe   System          14  +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept              CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept              ThreadExceptFrame
7746ee1a +10 kernel32.dll                          BaseThreadInitThunk
>> created by main thread ($c4c) at:
005dbf73 +8b KompasAV.exe   DirWatch       292 +33 TDirWatchThread.Create

thread $34c (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $bac (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $acc:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cb8 (TValKey):
772f531a +0a ntdll.dll                           NtDelayExecution
754f1870 +4f KERNELBASE.dll                      SleepEx
754f1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
7746ee1a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($c4c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $820:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cec:
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718d23 +017 KompasAV.exe   madCodeHook 503 +0 LpcWorkerThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by thread $2e0 at:
00718f3b +173 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread

thread $2e8:
772f656a +0a ntdll.dll                NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll           WaitForSingleObjectEx
7746c3ce +3e kernel32.dll             WaitForSingleObjectEx
7746c37d +0d kernel32.dll             WaitForSingleObject
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $9c0 at:
76bd25a7 +00 wininet.dll

disassembling:
[...]
007321d4        call    -$32895d ($40987c)     ; System.Pos
007321d4
007321d9        test    eax, eax
007321db        jnz     loc_7322a0
007321db
007321e1        mov     edx, [ebp-4]
007321e4        mov     eax, $73230c
007321e9        call    -$328972 ($40987c)     ; System.Pos
007321e9
007321ee        test    eax, eax
007321f0        jnz     loc_7322a0
007321f0
007321f6        mov     edx, [ebp-4]
007321f9        mov     eax, $732328
007321fe        call    -$328987 ($40987c)     ; System.Pos
007321fe
00732203        test    eax, eax
00732205        jnz     loc_7322a0
00732205
0073220b        mov     eax, [edi+$680]
00732211      > mov     edx, [eax+$14]
00732214        lea     eax, [ebp-$10]
00732217        mov     ecx, esi
00732219        call    -$328d1e ($409500)     ; System.@UStrCat3
00732219
0073221e        mov     eax, [ebp-$10]
00732221        lea     edx, [ebp-$c]
00732224        call    -$2dffb5 ($452274)     ; System.SysUtils.ExtractFileExt
00732224
00732229        mov     eax, [ebp-$c]
0073222c        lea     edx, [ebp-8]
0073222f        call    -$2e20dc ($450158)     ; System.SysUtils.LowerCase
0073222f
00732234        mov     eax, [ebp-8]
00732237        mov     edx, $732344
0073223c        call    -$3289c5 ($40987c)     ; System.Pos
0073223c
00732241        test    eax, eax
00732243        jz      loc_7322a0
00732243
00732245 3310   mov     eax, [edi+$680]
[...]

date/time          : 2015-06-10, 19:34:24, 216ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 3 seconds
program up time    : 2 minutes 55 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 996/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,82 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 47,45 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $4b9c6799, $e9eb2837
exception number   : 53
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +091 KompasAV.exe uVenom         3302 +4 TForm1.OnNotify
75a250cc +04f USER32.dll                          DefWindowProcW
0051faa4 +02c KompasAV.exe Vcl.Controls           TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes         StdWndProc
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0052044f +5b3 KompasAV.exe Vcl.Controls           TWinControl.WndProc
005b94fa +5f2 KompasAV.exe Vcl.Forms              TCustomForm.WndProc
0051b728 +024 KompasAV.exe Vcl.Controls           TControl.Perform
0051c999 +015 KompasAV.exe Vcl.Controls           TControl.CMMouseLeave
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0051c41e +07e KompasAV.exe Vcl.Controls           TControl.WMMouseMove
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0052044f +5b3 KompasAV.exe Vcl.Controls           TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls           TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes         StdWndProc
7746ee1a +010 kernel32.dll                        BaseThreadInitThunk

thread $7c8:
772f654a +0a ntdll.dll     NtWaitForMultipleObjects
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $870:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $91c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $8e0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $90c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $9c0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a7c:
772f531a +0a ntdll.dll                NtDelayExecution
754f1870 +4f KERNELBASE.dll           SleepEx
754f1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $91c at:
75bbda8e +00 ole32.dll

thread $788 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $78c:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $a70: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $9c4:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $2e0: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $280 (TDirWatchThread):
772f654a +0a ntdll.dll                             NtWaitForMultipleObjects
754f6a88 +00 KERNELBASE.dll                        WaitForMultipleObjectsEx
7746be29 +89 kernel32.dll                          WaitForMultipleObjectsEx
7746be97 +13 kernel32.dll                          WaitForMultipleObjects
005dbd3a +9e KompasAV.exe   DirWatch       181 +12 TDirWatchThread.Execute
004cb8b3 +2b KompasAV.exe   madExcept              HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes         ThreadProc
00408128 +28 KompasAV.exe   System          14  +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept              CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept              ThreadExceptFrame
7746ee1a +10 kernel32.dll                          BaseThreadInitThunk
>> created by main thread ($c4c) at:
005dbf73 +8b KompasAV.exe   DirWatch       292 +33 TDirWatchThread.Create

thread $34c (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $bac (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $acc:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cb8 (TValKey):
772f531a +0a ntdll.dll                           NtDelayExecution
754f1870 +4f KERNELBASE.dll                      SleepEx
754f1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
7746ee1a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($c4c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $820:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cec:
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718d23 +017 KompasAV.exe   madCodeHook 503 +0 LpcWorkerThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by thread $2e0 at:
00718f3b +173 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread

thread $2e8:
772f656a +0a ntdll.dll                NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll           WaitForSingleObjectEx
7746c3ce +3e kernel32.dll             WaitForSingleObjectEx
7746c37d +0d kernel32.dll             WaitForSingleObject
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $9c0 at:
76bd25a7 +00 wininet.dll

thread $a64:
>> stack not accessible

thread $f04:
>> stack not accessible

disassembling:
[...]
007321d4        call    -$32895d ($40987c)     ; System.Pos
007321d4
007321d9        test    eax, eax
007321db        jnz     loc_7322a0
007321db
007321e1        mov     edx, [ebp-4]
007321e4        mov     eax, $73230c
007321e9        call    -$328972 ($40987c)     ; System.Pos
007321e9
007321ee        test    eax, eax
007321f0        jnz     loc_7322a0
007321f0
007321f6        mov     edx, [ebp-4]
007321f9        mov     eax, $732328
007321fe        call    -$328987 ($40987c)     ; System.Pos
007321fe
00732203        test    eax, eax
00732205        jnz     loc_7322a0
00732205
0073220b        mov     eax, [edi+$680]
00732211      > mov     edx, [eax+$14]
00732214        lea     eax, [ebp-$10]
00732217        mov     ecx, esi
00732219        call    -$328d1e ($409500)     ; System.@UStrCat3
00732219
0073221e        mov     eax, [ebp-$10]
00732221        lea     edx, [ebp-$c]
00732224        call    -$2dffb5 ($452274)     ; System.SysUtils.ExtractFileExt
00732224
00732229        mov     eax, [ebp-$c]
0073222c        lea     edx, [ebp-8]
0073222f        call    -$2e20dc ($450158)     ; System.SysUtils.LowerCase
0073222f
00732234        mov     eax, [ebp-8]
00732237        mov     edx, $732344
0073223c        call    -$3289c5 ($40987c)     ; System.Pos
0073223c
00732241        test    eax, eax
00732243        jz      loc_7322a0
00732243
00732245 3310   mov     eax, [edi+$680]
[...]

date/time          : 2015-06-10, 19:34:27, 766ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 6 seconds
program up time    : 2 minutes 58 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 999/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,81 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 48,31 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $09b2a438, $426ec728
exception number   : 64
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +91 KompasAV.exe uVenom    3302 +4 TForm1.OnNotify
005c3232 +56 KompasAV.exe Vcl.Forms         TApplication.DoActionIdle
005c3380 +b4 KompasAV.exe Vcl.Forms         TApplication.Idle
005c263b +17 KompasAV.exe Vcl.Forms         TApplication.HandleMessage
005c2961 +c9 KompasAV.exe Vcl.Forms         TApplication.Run
7746ee1a +10 kernel32.dll                   BaseThreadInitThunk

thread $7c8:
772f654a +0a ntdll.dll     NtWaitForMultipleObjects
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $870:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $91c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $8e0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $90c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $9c0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a7c:
772f531a +0a ntdll.dll                NtDelayExecution
754f1870 +4f KERNELBASE.dll           SleepEx
754f1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $91c at:
75bbda8e +00 ole32.dll

thread $788 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $78c:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $a70: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $9c4:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $2e0: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $280 (TDirWatchThread):
772f654a +0a ntdll.dll                             NtWaitForMultipleObjects
754f6a88 +00 KERNELBASE.dll                        WaitForMultipleObjectsEx
7746be29 +89 kernel32.dll                          WaitForMultipleObjectsEx
7746be97 +13 kernel32.dll                          WaitForMultipleObjects
005dbd3a +9e KompasAV.exe   DirWatch       181 +12 TDirWatchThread.Execute
004cb8b3 +2b KompasAV.exe   madExcept              HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes         ThreadProc
00408128 +28 KompasAV.exe   System          14  +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept              CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept              ThreadExceptFrame
7746ee1a +10 kernel32.dll                          BaseThreadInitThunk
>> created by main thread ($c4c) at:
005dbf73 +8b KompasAV.exe   DirWatch       292 +33 TDirWatchThread.Create

thread $34c (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $bac (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $acc:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cb8 (TValKey):
772f531a +0a ntdll.dll                           NtDelayExecution
754f1870 +4f KERNELBASE.dll                      SleepEx
754f1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
7746ee1a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($c4c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $820:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cec:
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718d23 +017 KompasAV.exe   madCodeHook 503 +0 LpcWorkerThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by thread $2e0 at:
00718f3b +173 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread

disassembling:
[...]
007321d4        call    -$32895d ($40987c)     ; System.Pos
007321d4
007321d9        test    eax, eax
007321db        jnz     loc_7322a0
007321db
007321e1        mov     edx, [ebp-4]
007321e4        mov     eax, $73230c
007321e9        call    -$328972 ($40987c)     ; System.Pos
007321e9
007321ee        test    eax, eax
007321f0        jnz     loc_7322a0
007321f0
007321f6        mov     edx, [ebp-4]
007321f9        mov     eax, $732328
007321fe        call    -$328987 ($40987c)     ; System.Pos
007321fe
00732203        test    eax, eax
00732205        jnz     loc_7322a0
00732205
0073220b        mov     eax, [edi+$680]
00732211      > mov     edx, [eax+$14]
00732214        lea     eax, [ebp-$10]
00732217        mov     ecx, esi
00732219        call    -$328d1e ($409500)     ; System.@UStrCat3
00732219
0073221e        mov     eax, [ebp-$10]
00732221        lea     edx, [ebp-$c]
00732224        call    -$2dffb5 ($452274)     ; System.SysUtils.ExtractFileExt
00732224
00732229        mov     eax, [ebp-$c]
0073222c        lea     edx, [ebp-8]
0073222f        call    -$2e20dc ($450158)     ; System.SysUtils.LowerCase
0073222f
00732234        mov     eax, [ebp-8]
00732237        mov     edx, $732344
0073223c        call    -$3289c5 ($40987c)     ; System.Pos
0073223c
00732241        test    eax, eax
00732243        jz      loc_7322a0
00732243
00732245 3310   mov     eax, [edi+$680]
[...]

date/time          : 2015-06-10, 19:34:30, 13ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 8 seconds
program up time    : 3 minutes
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1017/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,83 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 44,45 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $0df60516, $92c64d4f
count              : 2
exception number   : 72
exception class    : EAccessViolation
exception message  : Access violation at address 00732211 in module 'KompasAV.exe'. Read of address 00000014.

main thread ($c4c):
00732211 +91 KompasAV.exe uVenom         3302  +4 TForm1.OnNotify
005dc474 +2c KompasAV.exe DirWatch        551  +3 TDirectoryWatch.Notify
005dc228 +5c KompasAV.exe DirWatch        439 +11 TDirectoryWatch.WatchWndProc
0048b2c8 +14 KompasAV.exe System.Classes          StdWndProc
75a2cc6b +0a USER32.dll                           DispatchMessageW
005c25eb +f3 KompasAV.exe Vcl.Forms               TApplication.ProcessMessage
005c262e +0a KompasAV.exe Vcl.Forms               TApplication.HandleMessage
005c2961 +c9 KompasAV.exe Vcl.Forms               TApplication.Run
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk


date/time          : 2015-06-10, 19:34:37, 805ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 16 seconds
program up time    : 3 minutes 8 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1023/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,83 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 45,18 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $f90b4068, $909fd2f2
exception number   : 102
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +091 KompasAV.exe uVenom         3302 +4 TForm1.OnNotify
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0051c41e +07e KompasAV.exe Vcl.Controls           TControl.WMMouseMove
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0052044f +5b3 KompasAV.exe Vcl.Controls           TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls           TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes         StdWndProc
7746ee1a +010 kernel32.dll                        BaseThreadInitThunk


3

Re: Kompas Antivirus 3.2.0

Bug report, continued, because it didn't fit in one post.

date/time          : 2015-06-10, 19:34:38, 12ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 16 seconds
program up time    : 3 minutes 8 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1019/2037 MB (free/total)
free disk space    : (C:) 1,24 GB (G:) 291,82 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 49,41 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $c4db3b72, $be8e833c
exception number   : 103
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +091 KompasAV.exe uVenom         3302 +4 TForm1.OnNotify
005211ac +02c KompasAV.exe Vcl.Controls           TWinControl.WMMouseActivate
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0052044f +5b3 KompasAV.exe Vcl.Controls           TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls           TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes         StdWndProc
005222ec +01c KompasAV.exe Vcl.Controls           TWinControl.WMNCHitTest
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0051c14c +08c KompasAV.exe Vcl.Controls           TControl.DoMouseDown
0051c20b +047 KompasAV.exe Vcl.Controls           TControl.WMLButtonDblClk
0051bb04 +2d4 KompasAV.exe Vcl.Controls           TControl.WndProc
0052007e +1e2 KompasAV.exe Vcl.Controls           TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls           TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes         StdWndProc
7746ee1a +010 kernel32.dll                        BaseThreadInitThunk

thread $7c8:
772f654a +0a ntdll.dll     NtWaitForMultipleObjects
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $870:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $91c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $8e0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $90c:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $9c0:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $a7c:
772f531a +0a ntdll.dll                NtDelayExecution
754f1870 +4f KERNELBASE.dll           SleepEx
754f1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
7746ee1a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $91c at:
75bbda8e +00 ole32.dll

thread $788 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $78c:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $a70: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $9c4:
772f5f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $2e0: <priority:1>
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($c4c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $280 (TDirWatchThread):
772f654a +0a ntdll.dll                             NtWaitForMultipleObjects
754f6a88 +00 KERNELBASE.dll                        WaitForMultipleObjectsEx
7746be29 +89 kernel32.dll                          WaitForMultipleObjectsEx
7746be97 +13 kernel32.dll                          WaitForMultipleObjects
005dbd3a +9e KompasAV.exe   DirWatch       181 +12 TDirWatchThread.Execute
004cb8b3 +2b KompasAV.exe   madExcept              HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes         ThreadProc
00408128 +28 KompasAV.exe   System          14  +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept              CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept              ThreadExceptFrame
7746ee1a +10 kernel32.dll                          BaseThreadInitThunk
>> created by main thread ($c4c) at:
005dbf73 +8b KompasAV.exe   DirWatch       292 +33 TDirWatchThread.Create

thread $34c (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $bac (TRegistryWatchdog):
772f656a +0a ntdll.dll                            NtWaitForSingleObject
754f1796 +66 KERNELBASE.dll                       WaitForSingleObjectEx
7746c3ce +3e kernel32.dll                         WaitForSingleObjectEx
7746c37d +0d kernel32.dll                         WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk
>> created by main thread ($c4c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $acc:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cb8 (TValKey):
772f531a +0a ntdll.dll                           NtDelayExecution
754f1870 +4f KERNELBASE.dll                      SleepEx
754f1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
7746ee1a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($c4c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $820:
772f657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
7746ee1a +10 kernel32.dll  BaseThreadInitThunk

thread $cec:
772f656a +00a ntdll.dll                         NtWaitForSingleObject
754f1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
7746c3ce +03e kernel32.dll                      WaitForSingleObjectEx
7746c37d +00d kernel32.dll                      WaitForSingleObject
00718d23 +017 KompasAV.exe   madCodeHook 503 +0 LpcWorkerThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
7746ee1a +010 kernel32.dll                      BaseThreadInitThunk
>> created by thread $2e0 at:
00718f3b +173 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread

disassembling:
[...]
007321d4        call    -$32895d ($40987c)     ; System.Pos
007321d4
007321d9        test    eax, eax
007321db        jnz     loc_7322a0
007321db
007321e1        mov     edx, [ebp-4]
007321e4        mov     eax, $73230c
007321e9        call    -$328972 ($40987c)     ; System.Pos
007321e9
007321ee        test    eax, eax
007321f0        jnz     loc_7322a0
007321f0
007321f6        mov     edx, [ebp-4]
007321f9        mov     eax, $732328
007321fe        call    -$328987 ($40987c)     ; System.Pos
007321fe
00732203        test    eax, eax
00732205        jnz     loc_7322a0
00732205
0073220b        mov     eax, [edi+$680]
00732211      > mov     edx, [eax+$14]
00732214        lea     eax, [ebp-$10]
00732217        mov     ecx, esi
00732219        call    -$328d1e ($409500)     ; System.@UStrCat3
00732219
0073221e        mov     eax, [ebp-$10]
00732221        lea     edx, [ebp-$c]
00732224        call    -$2dffb5 ($452274)     ; System.SysUtils.ExtractFileExt
00732224
00732229        mov     eax, [ebp-$c]
0073222c        lea     edx, [ebp-8]
0073222f        call    -$2e20dc ($450158)     ; System.SysUtils.LowerCase
0073222f
00732234        mov     eax, [ebp-8]
00732237        mov     edx, $732344
0073223c        call    -$3289c5 ($40987c)     ; System.Pos
0073223c
00732241        test    eax, eax
00732243        jz      loc_7322a0
00732243
00732245 3310   mov     eax, [edi+$680]
[...]

date/time          : 2015-06-10, 19:34:48, 650ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 27 seconds
program up time    : 3 minutes 19 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1033/2037 MB (free/total)
free disk space    : (C:) 1,23 GB (G:) 291,81 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 45,17 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $e7533a3d, $197f1ffb
count              : 46
exception number   : 135
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +91 KompasAV.exe uVenom 3302 +4 TForm1.OnNotify
7746ee1a +10 kernel32.dll                BaseThreadInitThunk

date/time          : 2015-06-10, 19:34:49, 189ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 6 minutes 28 seconds
program up time    : 3 minutes 20 seconds
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 1035/2037 MB (free/total)
free disk space    : (C:) 1,23 GB (G:) 291,81 MB
display mode       : 1024x768, 32 bit
process id         : $f30
allocated memory   : 45,17 MB
largest free block : 1,31 GB
command line       : "G:\Downloads\Programs\KompasAV\KompasAV.exe" /NOMUTEX
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $854b44c0, $0df60516, $92c64d4f
count              : 39
exception number   : 136
exception class    : Unknown
exception message  : Unknown.

main thread ($c4c):
00732211 +91 KompasAV.exe uVenom         3302  +4 TForm1.OnNotify
005dc474 +2c KompasAV.exe DirWatch        551  +3 TDirectoryWatch.Notify
005dc228 +5c KompasAV.exe DirWatch        439 +11 TDirectoryWatch.WatchWndProc
0048b2c8 +14 KompasAV.exe System.Classes          StdWndProc
75a2cc6b +0a USER32.dll                           DispatchMessageW
005c25eb +f3 KompasAV.exe Vcl.Forms               TApplication.ProcessMessage
005c262e +0a KompasAV.exe Vcl.Forms               TApplication.HandleMessage
005c2961 +c9 KompasAV.exe Vcl.Forms               TApplication.Run
7746ee1a +10 kernel32.dll                         BaseThreadInitThunk

disassembling:
[...]
007321d4        call    -$32895d ($40987c)     ; System.Pos
007321d4
007321d9        test    eax, eax
007321db        jnz     loc_7322a0
007321db
007321e1        mov     edx, [ebp-4]
007321e4        mov     eax, $73230c
007321e9        call    -$328972 ($40987c)     ; System.Pos
007321e9
007321ee        test    eax, eax
007321f0        jnz     loc_7322a0
007321f0
007321f6        mov     edx, [ebp-4]
007321f9        mov     eax, $732328
007321fe        call    -$328987 ($40987c)     ; System.Pos
007321fe
00732203        test    eax, eax
00732205        jnz     loc_7322a0
00732205
0073220b        mov     eax, [edi+$680]
00732211      > mov     edx, [eax+$14]
00732214        lea     eax, [ebp-$10]
00732217        mov     ecx, esi
00732219        call    -$328d1e ($409500)     ; System.@UStrCat3
00732219
0073221e        mov     eax, [ebp-$10]
00732221        lea     edx, [ebp-$c]
00732224        call    -$2dffb5 ($452274)     ; System.SysUtils.ExtractFileExt
00732224
00732229        mov     eax, [ebp-$c]
0073222c        lea     edx, [ebp-8]
0073222f        call    -$2e20dc ($450158)     ; System.SysUtils.LowerCase
0073222f
00732234        mov     eax, [ebp-8]
00732237        mov     edx, $732344
0073223c        call    -$3289c5 ($40987c)     ; System.Pos
0073223c
00732241        test    eax, eax
00732243        jz      loc_7322a0
00732243
00732245 3310   mov     eax, [edi+$680]
[...]

4

Re: Kompas Antivirus 3.2.0

Virut sample: when removed, it won't disappear from the quarantine list in Kompas Antivirus
http://s9.postimg.org/5zlkvs9kv/screenshot_112.png

5

Re: Kompas Antivirus 3.2.0

A user reported that it often shows "stopped working" partway through a scan
https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-xfa1/t31.0-8/11538965_403114399874786_6587793140649508425_o.jpg

6

Re: Kompas Antivirus 3.2.0

Reset Browser does not work

http://s9.postimg.org/40a11hlkv/screenshot_172.png

7

Re: Kompas Antivirus 3.2.0

After scanning this file
http://s9.postimg.org/tkcb7x6yn/screenshot_176.png

date/time          : 2015-07-18, 09:50:48, 837ms
computer name      : INDRA-PC
user name          : Indra <admin>
registered owner   : Indra
operating system   : Windows 7 Service Pack 1 build 7601
system language    : Indonesian
system up time     : 1 hour 19 minutes
program up time    : 1 hour 16 minutes
processors         : 2x Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
physical memory    : 346/2037 MB (free/total)
free disk space    : (C:) 1010,43 MB (G:) 730,50 MB
display mode       : 1024x768, 32 bit
process id         : $18b8
allocated memory   : 48,01 MB
largest free block : 1,24 GB
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $ab6b6c9b, $615e068d, $082f5e36
exception number   : 1
exception class    : EInvalidPointer
exception message  : Invalid pointer operation.

main thread ($18bc):
00408302 +26 KompasAV.exe System           14  +0 @UStrArrayClr
00730f66 +ca KompasAV.exe uVenom         2871 +17 TForm1.ShowItemTimer
0056a8a7 +0f KompasAV.exe Vcl.ExtCtrls            TTimer.Timer
0056a78b +2b KompasAV.exe Vcl.ExtCtrls            TTimer.WndProc
0048b2c8 +14 KompasAV.exe System.Classes          StdWndProc
75e3cc6b +0a USER32.dll                           DispatchMessageW
005c25eb +f3 KompasAV.exe Vcl.Forms               TApplication.ProcessMessage
005c262e +0a KompasAV.exe Vcl.Forms               TApplication.HandleMessage
005c2961 +c9 KompasAV.exe Vcl.Forms               TApplication.Run
759bee6a +10 kernel32.dll                         BaseThreadInitThunk

thread $18c4:
7759654a +0a ntdll.dll       NtWaitForMultipleObjects
755a6a88 +00 KERNELBASE.dll  WaitForMultipleObjectsEx
759bbe71 +89 kernel32.dll    WaitForMultipleObjectsEx
759bbedf +13 kernel32.dll    WaitForMultipleObjects
759bee6a +10 kernel32.dll    BaseThreadInitThunk

thread $18c8:
7759531a +0a ntdll.dll       NtDelayExecution
755a1870 +4f KERNELBASE.dll  SleepEx
755a1813 +0a KERNELBASE.dll  Sleep
775acb09 +63 ntdll.dll       bsearch
759bee6a +10 kernel32.dll    BaseThreadInitThunk

thread $18d0:
7759654a +0a ntdll.dll     NtWaitForMultipleObjects
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $1980:
7759531a +0a ntdll.dll                NtDelayExecution
755a1870 +4f KERNELBASE.dll           SleepEx
755a1813 +0a KERNELBASE.dll           Sleep
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
759bee6a +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $18e4 at:
7706da8e +00 ole32.dll

thread $1b80 (TValKey):
7759531a +0a ntdll.dll                           NtDelayExecution
755a1870 +4f KERNELBASE.dll                      SleepEx
755a1813 +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
759bee6a +10 kernel32.dll                        BaseThreadInitThunk
>> created by main thread ($18bc) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $1b84 (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $1bac:
77595f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
759bee6a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($18bc) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $1bb0: <priority:1>
7759656a +00a ntdll.dll                         NtWaitForSingleObject
755a1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
759bc40e +03e kernel32.dll                      WaitForSingleObjectEx
759bc3bd +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
759bee6a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($18bc) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $1bc8:
77595f6a +00a ntdll.dll                       NtReplyWaitReceivePort
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
759bee6a +010 kernel32.dll                    BaseThreadInitThunk
>> created by main thread ($18bc) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $1bcc: <priority:1>
7759656a +00a ntdll.dll                         NtWaitForSingleObject
755a1796 +066 KERNELBASE.dll                    WaitForSingleObjectEx
759bc40e +03e kernel32.dll                      WaitForSingleObjectEx
759bc3bd +00d kernel32.dll                      WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
759bee6a +010 kernel32.dll                      BaseThreadInitThunk
>> created by main thread ($18bc) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $5e58:
7759654a +0a ntdll.dll                NtWaitForMultipleObjects
755a6a88 +00 KERNELBASE.dll           WaitForMultipleObjectsEx
759bbe71 +89 kernel32.dll             WaitForMultipleObjectsEx
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
759bee6a +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($18bc) at:
6dabe7bc +00 clr.dll

thread $5e5c: <priority:2>
7759654a +0a ntdll.dll                NtWaitForMultipleObjects
755a6a88 +00 KERNELBASE.dll           WaitForMultipleObjectsEx
759bbe71 +89 kernel32.dll             WaitForMultipleObjectsEx
004cb795 +0d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept ThreadExceptFrame
759bee6a +10 kernel32.dll             BaseThreadInitThunk
>> created by main thread ($18bc) at:
6db3be93 +00 clr.dll

thread $5e60:
7759531a +00a ntdll.dll                NtDelayExecution
755a1870 +04f KERNELBASE.dll           SleepEx
755a1813 +00a KERNELBASE.dll           Sleep
6f46246e +14e OCUtil_x86.dll           ?workerThreadLoop@RemotePathChecker@@AAEXXZ
004cb795 +00d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept ThreadExceptFrame
759bee6a +010 kernel32.dll             BaseThreadInitThunk
>> created by thread $58dc at:
6975bf9b +062 MSVCR120.dll             _beginthreadex

thread $6004:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $9bc8:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $afa0:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $afb0:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $b2dc:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $bba8:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $c674:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $cb64:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

thread $ccfc:
7759657a +0a ntdll.dll     NtWaitForWorkViaWorkerFactory
759bee6a +10 kernel32.dll  BaseThreadInitThunk

disassembling:
004082dc    public System.@UStrArrayClr:     ; function entry point
004082dc 14   push    ebx
004082dd      push    esi
004082de      mov     ebx, eax
004082e0      mov     esi, edx
004082de
004082e2    loc_4082e2:
004082e2      mov     edx, [ebx]
004082e4      test    edx, edx
004082e6      jz      loc_408302
004082e6
004082e8      mov     dword ptr [ebx], 0
004082ee      mov     ecx, [edx-8]
004082f1      dec     ecx
004082f2      jl      loc_408302
004082f2
004082f4      lock dec dword ptr [edx-8]
004082f8      jnz     loc_408302
004082f8
004082fa      lea     eax, [edx-$c]
004082fd      call    -$3d22 ($4045e0)       ; System.@FreeMem
004082fd
00408302    loc_408302:
00408302    > add     ebx, 4
00408305      dec     esi
00408306      jnz     loc_4082e2
00408306
00408308      pop     esi
00408309      pop     ebx
0040830a      ret

8

Re: Kompas Antivirus 3.2.0

Bug when updating db 788

date/time          : 2015-08-13, 12:38:05, 123ms
computer name      : AHMAD
user name          : FAIZ <admin>
registered owner   : Windows User
operating system   : Windows 8 x64 build 9200
system language    : English
system up time     : 1 day 3 hours
program up time    : 13 minutes 6 seconds
processors         : 4x Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
physical memory    : 4181/6044 MB (free/total)
free disk space    : (C:) 67.31 GB
display mode       : 1366x768, 32 bit
process id         : $1834
allocated memory   : 47.48 MB
largest free block : 999.50 MB
command line       : C:\Kompas\KompasAV.exe /Auto
executable         : KompasAV.exe
exec. date/time    : 2015-06-05 16:53
version            : 3.2.59902.30412
compiled with      : Delphi XE2
madExcept version  : 4.0.11
callstack crc      : $015cee7c, $d0b60105, $da70e87f
exception number   : 1
exception class    : EAccessViolation
exception message  : Access violation at address 015CEE7C. Read of address 015CEE7C.

main thread ($179c):
015cee7c +000 ???
0051c498 +038 KompasAV.exe Vcl.Controls   TControl.DoMouseUp
0051c514 +070 KompasAV.exe Vcl.Controls   TControl.WMLButtonUp
0051bb04 +2d4 KompasAV.exe Vcl.Controls   TControl.WndProc
0052007e +1e2 KompasAV.exe Vcl.Controls   TWinControl.WndProc
758d4f7e +0fe USER32.dll                  GetWindowLongW
0051faa4 +02c KompasAV.exe Vcl.Controls   TWinControl.MainWndProc
0051b728 +024 KompasAV.exe Vcl.Controls   TControl.Perform
0051fd30 +0ac KompasAV.exe Vcl.Controls   TWinControl.IsControlMouseMsg
005202cb +42f KompasAV.exe Vcl.Controls   TWinControl.WndProc
0051faa4 +02c KompasAV.exe Vcl.Controls   TWinControl.MainWndProc
0048b2c8 +014 KompasAV.exe System.Classes StdWndProc
758d3e4b +00b USER32.dll                  DispatchMessageW
005c25eb +0f3 KompasAV.exe Vcl.Forms      TApplication.ProcessMessage
005c262e +00a KompasAV.exe Vcl.Forms      TApplication.HandleMessage
005c2961 +0c9 KompasAV.exe Vcl.Forms      TApplication.Run
774e3742 +022 KERNEL32.DLL                BaseThreadInitThunk

thread $d9c:
774e3742 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $de8:
774e3742 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $131c:
774e3742 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $278:
774e3742 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $1e1c:
774e3742 +22 KERNEL32.DLL  BaseThreadInitThunk

thread $123c (TValKey):
777d13c2 +92 KERNELBASE.dll                      SleepEx
777d131a +0a KERNELBASE.dll                      Sleep
00489005 +01 KompasAV.exe   System.Classes       TThread.Sleep
004cb8b3 +2b KompasAV.exe   madExcept            HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes       ThreadProc
00408128 +28 KompasAV.exe   System         14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept            CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept            ThreadExceptFrame
774e3742 +22 KERNEL32.DLL                        BaseThreadInitThunk
>> created by main thread ($179c) at:
00488328 +18 KompasAV.exe   System.Classes       TThread.Create

thread $128c (TWndProc): <suspended>
006c5881 +d KompasAV.exe uProcessWnd 36 +1 TWndProc.Execute

thread $10cc:
777d1280 +130 KERNELBASE.dll           WaitForMultipleObjectsEx
004cb795 +00d KompasAV.exe   madExcept CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept ThreadExceptFrame
774e3742 +022 KERNEL32.DLL             BaseThreadInitThunk
>> created by main thread ($179c) at:
7571dc7b +000 combase.dll

thread $13cc:
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
774e3742 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($179c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $ee8: <priority:1>
777c8d03 +093 KERNELBASE.dll                    WaitForSingleObjectEx
777c8c5d +00d KERNELBASE.dll                    WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
774e3742 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($179c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $1c18:
00719154 +030 KompasAV.exe madCodeHook 503 +0 LpcPortThread
004cb795 +00d KompasAV.exe madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe madExcept          ThreadExceptFrame
774e3742 +022 KERNEL32.DLL                    BaseThreadInitThunk
>> created by main thread ($179c) at:
0071962c +270 KompasAV.exe madCodeHook 503 +0 CreateLpcQueue

thread $1534: <priority:1>
777c8d03 +093 KERNELBASE.dll                    WaitForSingleObjectEx
777c8c5d +00d KERNELBASE.dll                    WaitForSingleObject
00718dda +012 KompasAV.exe   madCodeHook 503 +0 LpcDispatchThread
004cb795 +00d KompasAV.exe   madExcept          CallThreadProcSafe
004cb7ff +037 KompasAV.exe   madExcept          ThreadExceptFrame
774e3742 +022 KERNEL32.DLL                      BaseThreadInitThunk
>> created by main thread ($179c) at:
0071964d +291 KompasAV.exe   madCodeHook 503 +0 CreateLpcQueue

thread $18a4 (TRegistryWatchdog):
777c8d03 +93 KERNELBASE.dll                       WaitForSingleObjectEx
777c8c5d +0d KERNELBASE.dll                       WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
774e3742 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($179c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create

thread $51c (TRegistryWatchdog):
777c8d03 +93 KERNELBASE.dll                       WaitForSingleObjectEx
777c8c5d +0d KERNELBASE.dll                       WaitForSingleObject
007250e7 +33 KompasAV.exe   WatchReg       389 +6 TRegistryWatchdog.Execute
004cb8b3 +2b KompasAV.exe   madExcept             HookedTThreadExecute
0048829e +42 KompasAV.exe   System.Classes        ThreadProc
00408128 +28 KompasAV.exe   System          14 +0 ThreadWrapper
004cb795 +0d KompasAV.exe   madExcept             CallThreadProcSafe
004cb7ff +37 KompasAV.exe   madExcept             ThreadExceptFrame
774e3742 +22 KERNEL32.DLL                         BaseThreadInitThunk
>> created by main thread ($179c) at:
00724fa2 +1e KompasAV.exe   WatchReg       354 +1 TRegistryWatchdog.Create