Hello,
I am reposting a HijackThis report plus a Malwarebytes report. I was in contact with admiralc, who had to stop analysing my system for personal reasons. At admiralc's request I downloaded AntiVir and Malwarebytes. Apparently, using Malwarebytes does not completely remove the infections, or they come back via sites that I have not identified.
I look forward to your help in finishing my disinfection.
Regards,
jp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:50, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.94.90.90:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9}: NameServer = 213.36.80.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 7442 bytes
Malwarebytes' Anti-Malware 1.36
Database version: 1948
Windows 5.1.2600 Service Pack 3
13/05/2009 17:24:07
mbam-log-2009-05-13 (17-24-07).txt
Scan type: Quick Scan
Objects scanned: 71218
Time elapsed: 9 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Are you aware that you are using a proxy?
Then do this:
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable your antivirus before running the program by clicking on it.
Then wait until the log is finished. Do not touch anything before the end.
The Start bar may disappear, and that is normal.
The report is in Notepad and you can save it.
To copy and paste the logs from Notepad for me, go to the Edit menu and click "Select All", then go back to "Edit" and click "Copy".
On the forum, right-click and click "Paste".
Are you aware that you are using a proxy?
HELLO
No, not officially. Recently I called ALICE about a connection problem, and they asked me to enter my IP address and DNS server manually. My children use MSN Messenger. IS THERE A DANGER OR A THREAT? Does this point need to be settled before doing the rest of what you are proposing?
Regards
See you
Probably unrelated to the use of Messenger, unless they accepted an infected file. Since I did not see the beginning of the disinfection, I cannot confirm anything.
Is this really your IP as given by Alice? This one comes back as a company in Asia: 203.94.90.90:80
For the DNS, it comes back as ns-cache.libertysurf.net
Unfortunately I am not very familiar with French ISPs; I am from Quebec!
Continue with ComboFix; it may find other infections.
It is also important to update Acrobat Reader 5 to the latest version, 9.1.1, which closes several security holes.
Hello,
The numbers shown are not at all the ones given by Alice. Where can I find these numbers to check them? Should I delete them?
The requested report is below.
I will see about updating Acrobat Reader 5.
Thanks
See you
ComboFix 09-05-14.07 - jpierre 15/05/2009 18:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.677 [GMT 2:00]
Lancé depuis: c:\documents and settings\jpierre\Mes documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patch.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-15 au 2009-05-15 ))))))))))))))))))))))))))))))))))))
.
2009-05-14 16:39 . 2009-05-14 16:39 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-10 18:14 . 2009-05-10 18:14 -------- d-----w c:\documents and settings\jessica\Application Data\Malwarebytes
2009-05-06 17:33 . 2009-05-06 17:37 -------- d-----r c:\documents and settings\LocalService\Mes documents
2009-05-06 17:30 . 2009-05-06 17:30 -------- d-----r c:\documents and settings\LocalService\Favoris
2009-05-02 15:00 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-02 14:59 . 2009-05-02 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-02 14:59 . 2009-05-02 14:59 -------- d-----w c:\program files\Avira
2009-04-29 16:49 . 2009-04-29 16:49 -------- d-----w c:\documents and settings\jean-pierre\Application Data\Malwarebytes
2009-04-23 17:15 . 2009-04-23 17:15 -------- d-----w c:\windows\uninstall\OVplan
2009-04-23 17:13 . 2009-04-23 17:15 -------- d-----w c:\program files\Oventrop
2009-04-23 17:12 . 2009-04-23 17:15 -------- d-----w c:\windows\uninstall
2009-04-23 17:12 . 2009-04-23 17:13 -------- d-----w c:\windows\uninstall\OVselect
2009-04-17 16:55 . 2009-04-17 16:55 -------- d-----w c:\documents and settings\jean-pierre\Application Data\OpenOffice.org
2009-04-17 16:47 . 2009-04-17 16:47 -------- d-----w c:\documents and settings\jpierre\Application Data\OpenOffice.org
2009-04-17 16:45 . 2009-04-17 16:45 -------- d-----w c:\program files\JRE
2009-04-17 16:44 . 2009-04-17 16:45 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-16 18:35 . 2009-04-16 18:35 -------- d-----w c:\program files\VirusTotalUploader
2009-04-16 09:01 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 09:01 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 09:01 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 09:01 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 09:01 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 09:01 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 09:01 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 09:01 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 09:01 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 09:01 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 09:00 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 09:00 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 17:33 . 2006-06-17 10:52 -------- d-----w c:\program files\Steam
2009-05-09 14:05 . 2006-06-29 08:26 63280 ----a-w c:\documents and settings\jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 13:10 . 2006-06-16 22:30 63280 ----a-w c:\documents and settings\jean-pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 09:13 . 2003-04-25 21:46 72590 ----a-w c:\windows\system32\perfc00C.dat
2009-04-16 09:13 . 2003-04-25 21:46 464926 ----a-w c:\windows\system32\perfh00C.dat
2009-04-14 18:18 . 2008-11-17 17:33 59104 ----a-w c:\documents and settings\jpierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 10:15 . 2008-11-03 18:45 -------- d-----w c:\program files\BitDefender
2009-04-11 09:49 . 2006-12-13 15:04 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-11 09:46 . 2009-04-11 09:46 -------- d-----w c:\program files\VS Revo Group
2009-04-10 16:54 . 2009-04-10 16:54 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-10 16:54 . 2006-06-18 09:21 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-10 16:53 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-10 16:53 . 2003-02-21 02:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 17:48 . 2009-04-06 16:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2009-04-06 16:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-04-06 16:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 12:55 . 2009-04-03 12:55 -------- d-----w c:\program files\Trend Micro
2009-03-06 14:20 . 2003-04-25 21:45 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2003-04-25 21:45 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2006-06-16 22:23 78336 ----a-w c:\windows\system32\ieencode.dll
2008-12-05 17:31 . 2008-12-05 17:31 2972904 ----a-w c:\program files\ccsetup214.exe
2008-12-03 18:36 . 2008-12-03 18:36 81876320 ----a-w c:\program files\BitDefender_Internet_Security_2009-32bits-fr.exe
2009-04-06 18:18 . 2009-04-06 18:18 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-10 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\jean-pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kd2a\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kd2a\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kd2a\\opposing force\\hl.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\naked_snakiii\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\HLSW\\hlsw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\battlegrounds_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareazaTCP
"6346:UDP"= 6346:UDP:shareazaUDP
"3543:TCP"= 3543:TCP:limewireTCP
"3543:UDP"= 3543:UDP:limewireUDP
"6666:TCP"= 6666:TCP:emule TCP
"6667:UDP"= 6667:UDP:emule UDP
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 15:11 5632]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/05/2009 17:00 108289]
R2 CX88XBAR;Conexant 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [16/06/2006 23:48 6528]
R2 navi;VeriSign Updater;c:\program files\VeriSign\NAVI\naviagent.exe uimode=agentupdate --> c:\program files\VeriSign\NAVI\naviagent.exe uimode=agentupdate [?]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [25/12/2006 20:06 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [25/12/2006 20:06 500480]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys --> c:\program files\Softwin\BitDefender9\filespy.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 111112]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11/05/2005 14:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11/05/2005 14:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11/05/2005 14:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11/05/2005 14:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11/05/2005 14:12 77072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [06/04/2009 18:57 38496]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\Vibe-500.sys [12/08/2006 16:34 7552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.aliceadsl.fr/
mStart Page = hxxp://www.trooner.com/
TCP: {A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9} = 213.36.80.1
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 18:54
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-05-15 18:57
ComboFix-quarantined-files.txt 2009-05-15 16:57
Avant-CF: 21 712 240 640 octets libres
Après-CF: 22 576 156 672 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
164 --- E O F --- 2009-05-13 17:41
Tick the following 2 lines in HijackThis and click "Fix checked". This will remove the IPs. If you ever have any problem at all, your ISP will give you back the IPs they had given you.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.94.90.90:80
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9}: NameServer = 213.36.80.1
For Adobe, go to the Control Panel, then Add/Remove Programs, and uninstall Adobe Acrobat Reader 5.
Then install version 9 from here: http://get.adobe.com/fr/reader/?promoid=DAGAU But be careful to untick the Google toolbar if you do not want it.
Delete the following directory if you still have it: C:\Program Files\GamesBar, via Windows Explorer or My Computer.
Hello,
I uninstalled my old version of Adobe and downloaded the new one. I cannot find a GamesBar file in the Program Files directory; I have two files: "Gamenext", an empty folder, and Gamespy Arcade, with an install text folder.
For line O17, I believe the values are the ones given by Alice. I am not absolutely sure, but I can call them to check. Are the values of R1 and O17 linked, or can I tick and fix only the R1 line?
Did the scan with your program find anything or not?
See you
Regards
Hello again,
Attached is a Malwarebytes report
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2133
Windows 5.1.2600 Service Pack 3
17/05/2009 18:17:04
mbam-log-2009-05-17 (18-17-04).txt
Valeur(s) du Registre infectée(s): 3
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\libavi-dd-1.2.1.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\libfilefmt-1.1.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\libmcl-3.1.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\libavi-dd-1.2.1.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\libfilefmt-1.1.2.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\libmcl-3.1.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
What should I do to avoid all these viruses? How can I test the different sites to find out which ones to avoid? Another question: when I run HijackThis reports on the different sessions, the results are not the same (for example, the R1 line with the proxy appears on only one session).
Thanks in advance for your advice.
See you
For the R1 proxy line, if only one session has it, I would delete that line with HijackThis and restart. If for any reason you ever have an Internet connection problem, your ISP will give you the right settings again. There is no chance to take, because since we are not certain, that session may be being spied on through a proxy.
ComboFix is fine.
As for the viruses found, as indicated, they appear to be false positives, because it says FakeAlert. If others on the forum have information, that would be good.
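Added example, not part of the thread and not code from HijackThis: a small Python triage that pulls the network-redirection entries (proxy, auto-config URL, DNS override) and orphaned BHOs out of a HijackThis log, then diffs two logs to confirm which entry a fix removed. The log lines are excerpted from the 13/05 and 18/05 logs on this page; the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O2", "O17"
    body: str     # rest of the line after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Lines excerpted from the 13/05/2009 log in this thread.
LOG_13_05 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.94.90.90:80
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9}: NameServer = 213.36.80.1
"""

# The same lines as they appear in the 18/05/2009 log (proxy line fixed).
LOG_18_05 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9}: NameServer = 213.36.80.1
"""


def parse(log):
    """Keep only the '<code> - <body>' entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_points(entries):
    """Return (reason, entry) pairs worth confirming with the user or the ISP."""
    points = []
    for entry in entries:
        if entry.section in ("R0", "R1"):
            key, _, value = entry.body.partition(" = ")
            name = key.rsplit(",", 1)[-1]
            if name in ("ProxyServer", "AutoConfigURL") and value:
                # HKCU is the per-user hive, so the setting exists only in the
                # Windows account the scan was run from; HKLM is machine-wide.
                hive = key.split("\\", 1)[0]
                scope = "per-user" if hive == "HKCU" else "machine-wide"
                points.append((f"{scope} {name} set to {value}", entry))
        elif entry.section == "O17" and "NameServer" in entry.body:
            server = entry.body.rsplit(" = ", 1)[-1]
            points.append((f"DNS server override: {server}", entry))
        elif entry.section == "O2" and entry.body.endswith("(no file)"):
            points.append(("BHO registered but its file is missing", entry))
    return points


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    before, after = parse(LOG_13_05), parse(LOG_18_05)
    for reason, entry in review_points(before):
        print(f"[{entry.section}] {reason}")
    for entry in removed_between(before, after):
        print(f"removed since first scan: {entry.section} - {entry.body}")
```

Because the flagged proxy sits under HKCU, a scan run from another Windows account on the same machine will not list it, which matches the observation above that the R1 proxy line shows up in only one session.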
Hello,
The R1 line for the proxy has been deleted. I called ALICE and the values for the DNS are OK. I am sending you the latest report again. Thanks again for your help.
See you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:40, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BBCDD4-27E4-47D0-9FF9-D0D6A012ACA9}: NameServer = 213.36.80.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 7622 bytes
Tick the following 2 unneeded lines and click "Fix checked":
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Also, for your Malwarebytes', make sure you have configured it as follows:
Click the "mise à jour" (Update) tab and then "Recherche de mise à jour" (Check for updates), for the free version, before each scan.
In the "Recherche" (Scan) tab, check that "Exécuter un examen complet" (Perform a full scan) is the option selected and press the "Rechercher" (Scan) button.
Finally, check whether you have the following folders or files and, if so, delete them:
But to see them more easily, do this if it has not already been done:
In Windows Explorer or "Poste de travail" (My Computer), go to Outils - Options des dossiers - Affichage (Tools - Folder Options - View), tick "afficher les dossiers et fichiers cachés" (show hidden files and folders) and untick the box "Masquer les extensions des fichiers dont le type est connu" (hide extensions for known file types).
c:\Documents and Settings\All Users\Application Data\GamesBar
c:\Documents and Settings\All Users\Application Data\Tarma Installer
c:\Program Files\Common Files\Oberon Media\Odyssey.dll
c:\Documents and Settings\Owner\Desktop\3D Ultra Minigolf Adventures.lnk
c:\Documents and Settings\Owner\Desktop\IncrediGames.lnk
In the Start menu, delete the following 2 entries: Oberon Media and gamebar.
Once finished, it is important to disable Windows System Restore and apply, then re-enable it and apply. This will clear past viruses out of the restore points. You can recreate a restore point manually; otherwise it will create one by itself within a few days.
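The "(no file)" check recommended above can be run over a whole HijackThis log. The following is an added example, not part of the original posts: it parses the CLSID-based entries (O2, O3, O9) and lists those whose file is reported as `(no file)`. The sample log is constructed from lines quoted in this thread; the names `ComEntry`, `parse_com_entries` and `find_orphans` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
"""

# Matches lines of the form "<section> - <kind>: <name> - {CLSID} - <target>".
# Lines without a CLSID (O4 Run keys, O23 services, ...) do not match and are skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


@dataclass(frozen=True)
class ComEntry:
    section: str  # e.g. "O2"
    kind: str     # e.g. "BHO", "Toolbar", "Extra button"
    name: str     # display name, "(no name)" when the registry has none
    clsid: str    # upper-cased so the same CLSID compares equal across sections
    target: str   # file path, or "(no file)" when HijackThis found no file

    @property
    def is_orphan(self) -> bool:
        # The registration survives but the file it points to is missing.
        return self.target.strip().lower() == "(no file)"


def parse_com_entries(log_text):
    """Return every CLSID-based entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            fields = match.groupdict()
            fields["clsid"] = fields["clsid"].upper()
            entries.append(ComEntry(**fields))
    return entries


def find_orphans(entries):
    """Return orphaned entries in log order, one per CLSID."""
    seen, orphans = set(), []
    for entry in entries:
        if entry.is_orphan and entry.clsid not in seen:
            seen.add(entry.clsid)
            orphans.append(entry)
    return orphans


if __name__ == "__main__":
    for entry in find_orphans(parse_com_entries(SAMPLE_LOG)):
        print(f"{entry.section} {entry.kind}: {entry.clsid} has no file on disk")
```
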
Tick the following 2 unneeded lines and click "Fix checked":
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file) OK, done
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) OK, done
Click the "mise à jour" (Update) tab and then "Recherche de mise à jour" (Check for updates), for the free version, before each scan. OK DONE
In the "Recherche" (Scan) tab, check that "Exécuter un examen complet" (Perform a full scan) is the option selected and press the "Rechercher" (Scan) button.
OK, done: full scan, nothing to report
Finally, check whether you have the following folders or files and, if so, delete them:
But to see them more easily, do this if it has not already been done:
In Windows Explorer or "Poste de travail" (My Computer), go to Outils - Options des dossiers - Affichage (Tools - Folder Options - View), tick "afficher les dossiers et fichiers cachés" (show hidden files and folders) and untick the box "Masquer les extensions des fichiers dont le type est connu" (hide extensions for known file types).
c:\Documents and Settings\All Users\Application Data\GamesBar NOTHING FOUND
c:\Documents and Settings\All Users\Application Data\Tarma Installer NOTHING FOUND
c:\Program Files\Common Files\Oberon Media\Odyssey.dll FOUND, DELETED
c:\Documents and Settings\Owner\Desktop\3D Ultra Minigolf Adventures.lnk
c:\Documents and Settings\Owner\Desktop\IncrediGames.lnk I CANNOT FIND THE OWNER FOLDER IN DOCUMENTS AND SETTINGS
In the Start menu, delete the following 2 entries: Oberon Media and gamebar. CAN YOU GIVE ME MORE EXPLANATION OF THIS WAY OF DELETING? I DELETED OBERON FROM WINDOWS EXPLORER
Once finished, it is important to disable Windows System Restore and apply, then re-enable it and apply. This will clear past viruses out of the restore points. You can recreate a restore point manually; otherwise it will create one by itself within a few days. OK DONE
I ALSO HAVE PROBLEMS WITH EXPLORE .EXE: WHEN I USE WINDOWS EXPLORER IT TELLS ME THAT EXPLORER MUST CLOSE BECAUSE OF A PROBLEM, THEN I AM FROZEN AND I HAVE TO LOG OFF.
See you later,
regards
Replace Owner with the name of your user account.
For the 2 Start menu icons, just right-click the icon and delete.
When Explorer crashes, click on the details: which file makes it crash?
Also, do you use the cleaning software CCleaner?
If not, I strongly recommend it, because it safely cleans temporary files and unneeded registry entries. So it may help with your problems. Be careful not to install the toolbar during installation. It is ticked by default.
hello,
I replaced Owner with the user names but I do not see a Desktop folder. Should Desktop also be replaced with another name?
For GAMESBAR and Oberon Media I do not see any icon in the Start menu on any session. Is this the Windows Start menu (bottom left of the Windows taskbar) or something else?
I use CCLEANER regularly to clean up my system, but I think my problems with Explorer come from elsewhere. In the error messages the file drwtsn32 appears +[img]explorer.xls[/img]
I took a screenshot but I cannot manage to put it in this message.
Alice's hotline advised me to uninstall Internet Explorer and reinstall it, following a request on a similar subject. Is it worthwhile moving to Explorer 8?
Since the change of Adobe version, PDF files no longer open directly (I have to go through "ouvrir avec" (Open with)). Is there a procedure to save them and open them directly?
Thank you for your patience.
See you later
| CJPIERRE wrote: hello,
|
hello,
OK, I did the searches with user name + Bureau; I did not find the files mentioned above.
The procedure for the PDF files worked.
For explorer.exe, the files cited in the errors are mainly rundll 32.exe and drwtsn32.exe. How do I update the FLASH, SHOCKWAVE OR JAVA files?
As for the rest, everything seems to be working normally
See you later
OK, Rundll32.exe can be related to many things. Let's update the plug-ins and we will look for the problem afterwards if it happens too often.
Here are the links:
Plug-ins for Internet Explorer (French):
Flash: http://www.adobe.com/shockwave/dow [...] moid=BPCKN Warning! Untick the toolbar if you do not want it.
Shockwave: http://www.adobe.com/shockwave/dow [...] age=French Warning! Untick the toolbar if you do not want it.
Java: http://www.java.com/fr/
Edit:
Check in the event log and copy/paste the errors related to DrWatson and Explorer.
Some help with the event log: http://www.thesiteoueb.net/modules [...] .php?t=505
hello,
OK, I did all the updates. I tested the actions that used to crash; apparently it is much better, no crash; I am going to do as many operations as possible to confirm.
Edit:
Check in the event log and copy/paste the errors related to DrWatson and Explorer.
Some help with the event log: http://www.thesiteoueb.net/modules [...] .php?t=505
I saw the procedure for viewing the log but I do not have a DrWATSON label; the categories are
applications
security
system
internet explorer
as the list of the various events is very long I am not inserting it for now (unless useful)
See you later. For confirmation, is the cleanup based on the HijackThis reports finished?
regards
Yes, everything looks good. If you turned off System Restore, turn it back on. Uninstall Combofix.
The event log errors that concern us are in the Application section, and normally one posts only the one matching the time of the last crash, because yes, there are tons of copies.
If everything has settled down, so much the better.
hello,
OK, System Restore re-enabled. For Combofix I cannot find a file to uninstall it and it does not appear in the Add/Remove Programs menu.
Still a few crashes with Explorer, especially on my administrator session, but no trace of these errors in the event log. A small remark: I have no lines for the years 2008 and 2009 but lines with dates in 2010 and 2011 (maybe due to deliberate date changes when my son loaded a backdated antivirus). Could the file be full, and should I delete the lines?
Explorer often crashes when I search through the folder tree to look for files (for example, searching for the Combofix uninstall file)
See you later
hello again,
I found the DR WATSON file and I am posting the report. The report is long but I have not trimmed anything.
Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. Tous droits réservés.
Une exception d'application s'est produite :
App : C:\WINDOWS\explorer.exe (pid=3876)
Lorsque : 24/05/2009 @ 12:26:04.203
Numéro d'exception : c0000005 (violation d'accès)
*----> Informations système <----*
Nom ordinateur : SN100673850008
Nom utilisateur : jpierre
ID de la session Terminal : 0
Nombre de processeurs : 2
Type de processeur : x86 Family 15 Model 2 Stepping 9
Version de Windows : 5.1
Numéro actuel : 2600
Service Pack : 3
Type actuel : Multiprocessor Free
Organisation enregistrée :
Propriétaire enregistré : jean-pierre
*----> Liste des tâches <----*
0 System Process
4 System
552 smss.exe
600 csrss.exe
628 winlogon.exe
672 services.exe
684 lsass.exe
900 svchost.exe
960 svchost.exe
1024 livesrv.exe
1036 svchost.exe
1144 svchost.exe
1188 svchost.exe
1360 spoolsv.exe
1412 sched.exe
1476 svchost.exe
1524 avguard.exe
1536 AppleMobileDeviceService.exe
1596 ehSched.exe
1644 GhostStartService.exe
1732 jqs.exe
1792 LSSrvc.exe
1980 naviagent.exe
180 slserv.exe
208 svchost.exe
308 wdfmgr.exe
2496 NAVICL~1.EXE
2716 alg.exe
3308 svchost.exe
404 V0230Mon.exe
648 realsched.exe
3044 avgnt.exe
3060 jusched.exe
3096 ctfmon.exe
3124 msnmsgr.exe
3588 uWDF.exe
3876 explorer.exe
1000 drwtsn32.exe
*----> Vidage de l'état de la thread 0xaf0 <----*
eax=00000004 ebx=00000003 ecx=0000014a edx=0000012b esi=000dd6a0 edi=00000000
eip=7c91e514 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca23abc 00000000 0007ff5c 01013256 ntdll!KiFastSystemCallRet
0007ff14 01013256 000dd6a0 7ffde000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a5c7 00000000 00000000 0002075e explorer+0x13256
0007ffc0 7c817077 00074320 0006e890 7ffde000 explorer+0x1a5c7
0007fff0 00000000 0101a55f 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
*----> Vidage de l'état de la thread 0x158 <----*
eax=00e6f6f4 ebx=0179d1d0 ecx=00000001 edx=0000001e esi=8007041d edi=00e6faf0
eip=7c91e514 esp=00e6fa9c ebp=00e6fb28 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\UxTheme.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\msutb.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00e6fb28 5b098bcf 00e6fb38 00000000 00383f90 ntdll!KiFastSystemCallRet
00e6fb3c 5b098ba9 00000000 00000000 ffffffff UxTheme!IsThemeActive+0x4a
00e6fb54 5ffca9bb 017ce430 0179d1d0 00000000 UxTheme!IsThemeActive+0x24
00e6fbd4 5ffc91c1 1a010db3 0179d1d0 0179d1d0 msutb+0x1a9bb
00e6fbe8 5ffca479 1a010db3 017ce430 0179d1d0 msutb+0x191c1
00e6fc14 5ffca4ba 1a010db3 00e6fc30 000db914 msutb+0x1a479
00e6fc44 5ffca4ba 1a010db3 00e6fc60 000db8f4 msutb+0x1a4ba
00e6fc74 5ffcd18c 1a010db3 00e6fd24 000db9e8 msutb+0x1a4ba
00e6fc98 5ffbcdf1 01010056 0185000f 00000000 msutb+0x1d18c
00e6fcb0 5ffcc640 01010056 00e6fd24 00000000 msutb!ClosePopupTipbar+0x350c
00e6fd60 5ffcccbb 000300b2 0000000f 00000000 msutb+0x1c640
00e6fd84 7e398734 000300b2 0000000f 00000000 msutb+0x1ccbb
00e6fdb0 7e398816 5ffccc65 000300b2 0000000f USER32!GetDC+0x6d
00e6fe18 7e3a8ea0 00000000 5ffccc65 000300b2 USER32!GetDC+0x14f
00e6fe6c 7e3a8eec 00580ef8 0000000f 00000000 USER32!DefWindowProcW+0x180
00e6fe94 7c91e473 00e6fea4 00000018 00580ef8 USER32!DefWindowProcW+0x1cc
00e6ff00 7e398a10 00e6ff28 00000000 00e6ff44 ntdll!KiUserCallbackDispatcher+0x13
00e6ff10 01001a35 00e6ff28 00000000 010460f8 USER32!DispatchMessageW+0xf
00e6ff44 0100ffd1 00000000 00e6ffb4 77f56f42 explorer+0x1a35
00e6ff50 77f56f42 010460f8 0000005c 00000000 explorer+0xffd1
00e6ffb4 7c80b729 00000000 0000005c 00000000 SHLWAPI!Ordinal505+0x3e9
00e6ffec 00000000 77f56ed3 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage de l'état de la thread 0x390 <----*
eax=7c937edb ebx=00000000 ecx=77da6a87 edx=77da6a4e esi=ffffffff edi=7c91f668
eip=7c91e514 esp=00eaff9c ebp=00eaffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00eaffb4 7c80b729 00000000 7c91f668 ffffffff ntdll!KiFastSystemCallRet
00eaffec 00000000 7c937edb 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage de l'état de la thread 0xec0 <----*
eax=000000c0 ebx=00000000 ecx=00e6fbbc edx=00000000 esi=00000000 edi=00000001
eip=7c91e514 esp=00f2fcec ebp=00f2ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f2ffb4 7c80b729 00000000 00000020 00e6fce4 ntdll!KiFastSystemCallRet
00f2ffec 00000000 7c939b8f 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xb8c <----*
eax=00000007 ebx=0151fd58 ecx=0151fd30 edx=7c91e514 esi=00000000 edi=7ffde000
eip=7c91e514 esp=0151fd30 ebp=0151fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0151fdcc 7e3995f9 00000007 0151fdf4 00000000 ntdll!KiFastSystemCallRet
0151fe28 7ca04308 00000006 0151fe50 ffffffff USER32!GetLastInputInfo+0x105
0151ff4c 7ca21fc4 77f56f42 00000000 7c8099fa SHELL32!Shell_GetCachedImageIndex+0x450
0151ffb4 7c80b729 00000000 7c8099fa 00090000 SHELL32!Ordinal753+0x133
0151ffec 00000000 77f56ed3 00e6f4d4 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xc9c <----*
eax=00000000 ebx=00004e20 ecx=00000090 edx=00000280 esi=018dfd68 edi=7e3991c6
eip=7c91e514 esp=018dfcf8 ebp=018dfd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
018dfd14 76541565 018dfd68 00000000 00000000 ntdll!KiFastSystemCallRet
018dfd8c 7654362e 76540000 00000000 00050074 stobject+0x1565
018dffb4 7c80b729 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x19e4
018dffec 00000000 765435df 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xbd8 <----*
eax=72c730e8 ebx=0209fef8 ecx=000000c8 edx=017b4008 esi=00000000 edi=7ffde000
eip=7c91e514 esp=0209fed0 ebp=0209ff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
0209ff6c 7c80a115 00000002 0209ffa4 00000000 ntdll!KiFastSystemCallRet
0209ff88 72c7312a 00000002 0209ffa4 00000000 kernel32!WaitForMultipleObjects+0x18
0209ffb4 7c80b729 00000000 00000000 00090000 wdmaud!midMessage+0x348
0209ffec 00000000 72c730e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xc68 <----*
eax=00000000 ebx=00000000 ecx=000d5b78 edx=7c91e514 esi=00093200 edi=000932a4
eip=7c91e514 esp=021ffe18 ebp=021fff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
021fff80 77e56caf 021fffa8 77e56ad1 00093200 ntdll!KiFastSystemCallRet
021fff88 77e56ad1 00093200 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x61c
021fffa8 77e56c97 000a9960 021fffec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
021fffb4 7c80b729 000d5b78 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x604
021fffec 00000000 77e56c7d 000d5b78 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xaac <----*
eax=0218f6c0 ebx=00000000 ecx=000c4990 edx=00000000 esi=00093200 edi=000932a4
eip=7c91e514 esp=0223fe18 ebp=0223ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0223ff80 77e56caf 0223ffa8 77e56ad1 00093200 ntdll!KiFastSystemCallRet
0223ff88 77e56ad1 00093200 00000000 021ffc94 RPCRT4!I_RpcBCacheFree+0x61c
0223ffa8 77e56c97 000a9960 0223ffec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
0223ffb4 7c80b729 000baf20 00000000 021ffc94 RPCRT4!I_RpcBCacheFree+0x604
0223ffec 00000000 77e56c7d 000baf20 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x794 <----*
eax=00000000 ebx=00150134 ecx=7e39882a edx=7c91e514 esi=0038e914 edi=75f34580
eip=278746f3 esp=015bfb50 ebp=015bfb5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
fonction : <nosymbols>
No prior disassembly possible
278746f3 ?? ???
278746f5 ?? ???
278746f7 ?? ???
278746f9 ?? ???
278746fb ?? ???
278746fd ?? ???
278746ff ?? ???
27874701 ?? ???
27874703 ?? ???
FAUTE ->278746f3 ?? ???
Error 0x00000001
278746f5 ?? ???
278746f7 ?? ???
278746f9 ?? ???
278746fb ?? ???
278746fd ?? ???
278746ff ?? ???
27874701 ?? ???
27874703 ?? ???
27874705 ?? ???
27874707 ?? ???
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
015bfb4c 015bfbc8 01af0000 00000000 015bfb8c 0x278746f3
015bfb5c 7e398734 0038e914 00150134 00000002 0x15bfbc8
015bfb8c 7e398816 01af0000 00150134 00000002 USER32!GetDC+0x6d
015bfbf4 7e3a8ea0 00000000 01af0000 00150134 USER32!GetDC+0x14f
015bfc48 7e3a8eec 00585760 00000002 00000000 USER32!DefWindowProcW+0x180
015bfc70 7c91e473 015bfc80 00000018 00585760 USER32!DefWindowProcW+0x1cc
015bfcc0 75f351df 00000000 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x13
015bff20 75f35389 01798a08 00000000 00000000 BROWSEUI!Ordinal138+0x791f
015bffb4 7c80b729 01798a08 00000000 00000000 BROWSEUI!Ordinal138+0x7ac9
015bffec 00000000 75f35339 01798a08 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x854 <----*
eax=774be43b ebx=00007530 ecx=0193f938 edx=00090000 esi=00000000 edi=0214ff50
eip=7c91e514 esp=0214ff20 ebp=0214ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
0214ff78 7c802455 0000ea60 00000000 0214ffb4 ntdll!KiFastSystemCallRet
0214ff88 774be32f 0000ea60 0178de88 774be3ee kernel32!Sleep+0xf
0214ffb4 7c80b729 0178de88 00090188 00000010 ole32!StringFromGUID2+0x51d
0214ffec 00000000 774be43b 0178de88 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xc84 <----*
eax=77dc848a ebx=027cfed0 ecx=00730077 edx=006f0064 esi=00000000 edi=7ffde000
eip=7c91e514 esp=027cfea8 ebp=027cff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
027cff44 77dc8631 00000002 027cff6c 00000000 ntdll!KiFastSystemCallRet
027cffb4 7c80b729 00000000 00740066 0057005c ADVAPI32!WmiFreeBuffer+0x24e
027cffec 00000000 77dc848a 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xe50 <----*
eax=0218fd30 ebx=00000930 ecx=00000000 edx=0015df68 esi=0218ff98 edi=7e3a772b
eip=7c91e514 esp=0218ff54 ebp=0218ff78 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0218ff78 76ae4e31 0218ff98 00000000 00000000 ntdll!KiFastSystemCallRet
0218ffb4 7c80b729 00000930 00000200 0000002b WINMM!PlaySoundW+0x7e2
0218ffec 00000000 76ae4dca 00000930 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xbd4 <----*
eax=7ffa9000 ebx=00000000 ecx=00000001 edx=7c91e514 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=0381ff70 ebp=0381ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0381ffb4 7c80b729 00000000 0007df4c 0007df4c ntdll!KiFastSystemCallRet
0381ffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
Une exception d'application s'est produite :
App : C:\WINDOWS\explorer.exe (pid=3964)
Lorsque : 24/05/2009 @ 12:32:34.484
Numéro d'exception : c0000005 (violation d'accès)
*----> Informations système <----*
Nom ordinateur : SN100673850008
Nom utilisateur : jpierre
ID de la session Terminal : 0
Nombre de processeurs : 2
Type de processeur : x86 Family 15 Model 2 Stepping 9
Version de Windows : 5.1
Numéro actuel : 2600
Service Pack : 3
Type actuel : Multiprocessor Free
Organisation enregistrée :
Propriétaire enregistré : jean-pierre
*----> Liste des tâches <----*
0 System Process
4 System
552 smss.exe
600 csrss.exe
628 winlogon.exe
672 services.exe
684 lsass.exe
900 svchost.exe
960 svchost.exe
1024 livesrv.exe
1036 svchost.exe
1144 svchost.exe
1188 svchost.exe
1360 spoolsv.exe
1412 sched.exe
1476 svchost.exe
1524 avguard.exe
1536 AppleMobileDeviceService.exe
1596 ehSched.exe
1644 GhostStartService.exe
1732 jqs.exe
1792 LSSrvc.exe
1980 naviagent.exe
180 slserv.exe
208 svchost.exe
308 wdfmgr.exe
2496 NAVICL~1.EXE
2716 alg.exe
3308 svchost.exe
404 V0230Mon.exe
648 realsched.exe
3044 avgnt.exe
3060 jusched.exe
3096 ctfmon.exe
3124 msnmsgr.exe
3588 uWDF.exe
3964 explorer.exe
3444 drwtsn32.exe
*----> Liste des modules <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000001000000 - 0000000001100000: C:\WINDOWS\explorer.exe
(0000000001100000 - 00000000013da000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001580000 - 0000000001592000: C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
(00000000015a0000 - 00000000015b8000: C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
(00000000021f0000 - 000000000224b000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
(0000000002580000 - 0000000002591000: C:\Program Files\Fichier
Have all the updates been installed, and if .NET Framework is installed, is it up to date?
If you read English: http://www.osronline.com/article.cfm?id=221
Hello,
I connected to Windows Update and downloaded all the hidden updates except Explorer 8 (KB9518 KB954430 KB969618). After restarting, the problem is still present. I am posting the report (incomplete; tell me if I should post the whole report).
As for the English site, unfortunately I do not have a sufficient technical level, but I will try to translate it over the next few days. Regards
See you later
Une exception d'application s'est produite :
App : C:\WINDOWS\explorer.exe (pid=3888)
Lorsque : 26/05/2009 @ 19:59:41.343
Numéro d'exception : c0000005 (violation d'accès)
*----> Informations système <----*
Nom ordinateur : SN100673850008
Nom utilisateur : jpierre
ID de la session Terminal : 0
Nombre de processeurs : 2
Type de processeur : x86 Family 15 Model 2 Stepping 9
Version de Windows : 5.1
Numéro actuel : 2600
Service Pack : 3
Type actuel : Multiprocessor Free
Organisation enregistrée :
Propriétaire enregistré : jean-pierre
*----> Liste des tâches <----*
0 System Process
4 System
552 smss.exe
600 csrss.exe
628 winlogon.exe
672 services.exe
684 lsass.exe
896 svchost.exe
952 svchost.exe
1016 livesrv.exe
1064 svchost.exe
1136 svchost.exe
1232 svchost.exe
1364 spoolsv.exe
1412 sched.exe
1480 svchost.exe
2012 avguard.exe
2040 AppleMobileDeviceService.exe
208 mscorsvw.exe
336 ehSched.exe
412 GhostStartService.exe
468 jqs.exe
576 LSSrvc.exe
1004 naviagent.exe
1284 slserv.exe
1532 svchost.exe
1800 wdfmgr.exe
2264 NAVICL~1.EXE
2772 alg.exe
3364 svchost.exe
2400 V0230Mon.exe
3472 realsched.exe
3488 avgnt.exe
3344 jusched.exe
3444 ctfmon.exe
3776 uWDF.exe
3760 wuauclt.exe
3888 explorer.exe
3640 drwtsn32.exe
*----> Liste des modules <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000001000000 - 0000000001100000: C:\WINDOWS\explorer.exe
(0000000001100000 - 00000000013da000: C:\WINDOWS\system32\xpsp2res.dll
(00000000019b0000 - 00000000019ba000: C:\WINDOWS\system32\WMDMLOG.dll
(0000000001ee0000 - 0000000001ee7000: C:\WINDOWS\system32\WdfApi.dll
(0000000001f00000 - 0000000001f06000: C:\WINDOWS\system32\wpdtrace.dll
(0000000002230000 - 0000000002296000: C:\WINDOWS\system32\wpdsp.dll
(00000000024a0000 - 0000000002627000: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
(00000000070d0000 - 000000000710b000: C:\WINDOWS\system32\WMASF.DLL
(00000000086d0000 - 0000000008917000: C:\WINDOWS\system32\WMVCore.DLL
(0000000008d60000 - 0000000008d98000: C:\WINDOWS\system32\MsPMSP.dll
(0000000008df0000 - 0000000008e41000: C:\WINDOWS\system32\MSWMDM.dll
(0000000008e60000 - 0000000008e6b000: C:\WINDOWS\system32\WMDMPS.dll
(0000000010000000 - 0000000010011000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(000000001f840000 - 000000001f858000: C:\WINDOWS\system32\odbcint.dll
(00000000200e0000 - 00000000200ee000: C:\WINDOWS\system32\eappprxy.dll
(0000000043e00000 - 0000000043e45000: C:\WINDOWS\system32\iertutil.dll
(0000000043ff0000 - 0000000043ffa000: C:\WINDOWS\system32\jsproxy.dll
(0000000044080000 - 0000000044150000: C:\WINDOWS\system32\WININET.dll
(00000000442b0000 - 00000000442ec000: C:\WINDOWS\system32\webcheck.dll
(0000000044360000 - 000000004492d000: C:\WINDOWS\system32\ieframe.dll
(0000000045180000 - 00000000452a7000: C:\WINDOWS\system32\urlmon.dll
(0000000058b50000 - 0000000058bea000: C:\WINDOWS\system32\comctl32.dll
(00000000595b0000 - 000000005977a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(000000005b090000 - 000000005b0c8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b660000 - 000000005b66a000: C:\WINDOWS\system32\dot3api.dll
(000000005b950000 - 000000005b9c3000: C:\WINDOWS\System32\themeui.dll
(000000005cea0000 - 000000005cec6000: C:\WINDOWS\system32\ShimEng.dll
(000000005f140000 - 000000005f157000: C:\WINDOWS\system32\olepro32.dll
(000000005ffb0000 - 000000005ffe3000: C:\WINDOWS\System32\msutb.dll
(0000000062dc0000 - 0000000062dc9000: C:\WINDOWS\system32\LPK.DLL
(0000000062e40000 - 0000000062e99000: C:\WINDOWS\system32\hnetcfg.dll
(00000000698e0000 - 00000000698f6000: C:\WINDOWS\system32\faultrep.dll
(000000006c650000 - 000000006c69d000: C:\WINDOWS\system32\DUSER.dll
(000000006da60000 - 000000006da82000: C:\WINDOWS\system32\eappcfg.dll
(000000006fee0000 - 000000006ff35000: C:\WINDOWS\system32\NETAPI32.dll
(0000000071600000 - 0000000071613000: C:\WINDOWS\system32\browselc.dll
(0000000071990000 - 00000000719d0000: C:\WINDOWS\system32\mswsock.dll
(00000000719d0000 - 00000000719d8000: C:\WINDOWS\System32\wshtcpip.dll
(00000000719e0000 - 00000000719e8000: C:\WINDOWS\system32\WS2HELP.dll
(00000000719f0000 - 0000000071a07000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a10000 - 0000000071a1a000: C:\WINDOWS\system32\wsock32.dll
(0000000071a60000 - 0000000071a72000: C:\WINDOWS\system32\MPR.dll
(0000000071b50000 - 0000000071b63000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071b70000 - 0000000071b7e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071be0000 - 0000000071be7000: C:\WINDOWS\System32\NETRAP.dll
(0000000071bf0000 - 0000000071c30000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c30000 - 0000000071c47000: C:\WINDOWS\System32\NETUI0.dll
(0000000071ca0000 - 0000000071cbb000: C:\WINDOWS\system32\actxprxy.dll
(0000000072640000 - 0000000072646000: C:\WINDOWS\system32\dot3dlg.dll
(0000000072c60000 - 0000000072c68000: C:\WINDOWS\system32\msacm32.drv
(0000000072c70000 - 0000000072c79000: C:\WINDOWS\system32\wdmaud.drv
(0000000073990000 - 00000000739b8000: C:\WINDOWS\system32\OneX.DLL
(0000000073af0000 - 0000000073b04000: C:\WINDOWS\System32\sti.dll
(0000000074690000 - 00000000746dc000: C:\WINDOWS\system32\MSCTF.dll
(0000000074730000 - 000000007476d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074a40000 - 0000000074a48000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074a50000 - 0000000074a57000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074a60000 - 0000000074a6a000: C:\WINDOWS\system32\BatMeter.dll
(0000000075140000 - 000000007516e000: C:\WINDOWS\system32\msctfime.ime
(00000000753c0000 - 000000007542b000: C:\WINDOWS\system32\USP10.dll
(0000000075900000 - 00000000759fa000: C:\WINDOWS\system32\MSGINA.dll
(0000000075d30000 - 0000000075dc1000: C:\WINDOWS\system32\MLANG.dll
(0000000075ef0000 - 0000000075ef7000: C:\WINDOWS\System32\drprov.dll
(0000000075f00000 - 0000000075f0a000: C:\WINDOWS\System32\davclnt.dll
(0000000075f10000 - 000000007600d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076010000 - 0000000076075000: C:\WINDOWS\system32\MSVCP60.dll
(00000000762f0000 - 0000000076300000: C:\WINDOWS\system32\WINSTA.dll
(0000000076310000 - 0000000076315000: C:\WINDOWS\System32\MSIMG32.dll
(0000000076320000 - 000000007633d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076340000 - 000000007638a000: C:\WINDOWS\system32\comdlg32.dll
(0000000076390000 - 0000000076539000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076540000 - 0000000076561000: C:\WINDOWS\system32\stobject.dll
(0000000076590000 - 00000000765ad000: C:\WINDOWS\System32\CSCDLL.dll
(00000000765b0000 - 0000000076606000: C:\WINDOWS\System32\cscui.dll
(0000000076610000 - 0000000076694000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000076920000 - 0000000076928000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076930000 - 0000000076956000: C:\WINDOWS\system32\ntshrui.dll
(0000000076960000 - 0000000076a16000: C:\WINDOWS\system32\USERENV.dll
(0000000076ac0000 - 0000000076ad1000: C:\WINDOWS\system32\ATL.DLL
(0000000076ae0000 - 0000000076b0f000: C:\WINDOWS\system32\WINMM.dll
(0000000076ba0000 - 0000000076bab000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076bb0000 - 0000000076bdf000: C:\WINDOWS\system32\credui.dll
(0000000076be0000 - 0000000076c0e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c40000 - 0000000076c68000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d10000 - 0000000076d29000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e30000 - 0000000076e3e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f00000 - 0000000076f08000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f10000 - 0000000076f3d000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f80000 - 0000000076fff000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077000000 - 00000000770d4000: C:\WINDOWS\system32\COMRes.dll
(00000000770e0000 - 000000007716b000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077210000 - 00000000772c1000: C:\WINDOWS\system32\SXS.DLL
(0000000077390000 - 0000000077493000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(00000000774a0000 - 00000000775dd000: C:\WINDOWS\system32\ole32.dll
(00000000778e0000 - 00000000779d8000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000779e0000 - 0000000077a77000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077a80000 - 0000000077a92000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b50000 - 0000000077b72000: C:\WINDOWS\system32\appHelp.dll
(0000000077ba0000 - 0000000077ba7000: C:\WINDOWS\system32\midimap.dll
(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077da0000 - 0000000077e4c000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee2000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f39000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
(000000007c420000 - 000000007c4a7000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
(000000007c800000 - 000000007c906000: C:\WINDOWS\system32\kernel32.dll
(000000007c910000 - 000000007c9c9000: C:\WINDOWS\system32\ntdll.dll
(000000007c9d0000 - 000000007d1f5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d200000 - 000000007d4bc000: C:\WINDOWS\system32\msi.dll
(000000007e210000 - 000000007e381000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e390000 - 000000007e421000: C:\WINDOWS\system32\USER32.dll
*----> Vidage de l'état de la thread 0xd40 <----*
eax=7c91e514 ebx=00000000 ecx=0007fb30 edx=000600e0 esi=00191e9c edi=00191e9c
eip=7c91e514 esp=0007e864 ebp=0007eb2c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0011 es=c0a2 fs=003b gs=0d40 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msctfime.ime -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHDOCVW.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\IMM32.DLL -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
ChildEBP RetAddr Args to Child
0007eb2c 7c926886 000e7918 0007eb54 0007eb00 ntdll!KiFastSystemCallRet
0007eba8 7c9266b8 00000001 000e7918 00000000 ntdll!LdrGetDllHandleEx+0x1c5
0007ebc4 7c80e713 000e7918 00000000 0007ec48 ntdll!LdrGetDllHandle+0x18
0007ec14 7c80e64b 0007ec48 80004005 75168248 kernel32!GetModuleHandleW+0x236
0007f098 7c80e4fc 00000001 00000002 0007f0bc kernel32!GetModuleHandleW+0x16e
0007f0b0 7515d55b 0007f0bc 003a0043 0057005c kernel32!GetModuleHandleW+0x1f
0007f2d0 75159a68 75142440 0007f374 0007f2fc msctfime+0x1d55b
0007f2e0 75159ac3 75168248 75142440 75142458 msctfime+0x19a68
0007f2fc 75156985 000600e0 7e39945d 001210e8 msctfime+0x19ac3
0007f33c 751538ea 0007f374 000500d8 00000001 msctfime!CtfImeDispatchDefImeMessage+0x316d
0007f354 751541fc 0007f374 00000001 c000000f msctfime!CtfImeDispatchDefImeMessage+0xd2
0007f388 7e398734 000500d8 00000281 00000001 msctfime!CtfImeDispatchDefImeMessage+0x9e4
0007f3b4 7e398816 7515912a 000500d8 00000281 USER32!GetDC+0x6d
0007f41c 7e3a927b 00000000 7515912a 000500d8 USER32!GetDC+0x14f
0007f458 7e3eb875 00585868 0059c650 00000001 USER32!GetParent+0x16c
0007f47c 7e3ec518 000a2d40 00000281 00000001 USER32!IMPSetIMEA+0x371
0007f4c8 7e3ec926 000800c8 00000281 00000001 USER32!IMPSetIMEA+0x1014
0007f4ec 7e3ec97d 00080084 00000281 00000001 USER32!IMPSetIMEA+0x1422
0007f508 7e398734 00080084 00000281 00000001 USER32!IMPSetIMEA+0x1479
0007f534 7e398816 7e3ec95b 00080084 00000281 USER32!GetDC+0x6d
0007f59c 7e3a927b 00000000 7e3ec95b 00080084 USER32!GetDC+0x14f
0007f5d8 7e3cb642 0059c5a0 005686f0 00000001 USER32!GetParent+0x16c
0007f620 7e3a8dd9 000600e0 00000281 00000001 USER32!DeregisterShellHookWindow+0xb382
0007f63c 7e3a8d77 000600e0 00000281 00000001 USER32!DefWindowProcW+0xb9
0007f684 7e2257cd 000600e0 00000281 00000001 USER32!DefWindowProcW+0x57
0007f6a8 75f128e1 000f7de4 000600e0 00000281 SHDOCVW!DllGetClassObject+0x4b0
0007f6c4 7c9f7b3c 000da18c 000600e0 00000281 BROWSEUI!Ordinal113+0x28e1
0007f71c 7c9f7aca 000f4f98 000600e0 00000281 SHELL32!Ordinal517+0x27b3c
0007f744 7e398734 000f4f78 00000281 00000001 SHELL32!Ordinal517+0x27aca
0007f770 7e398816 7c9f7a64 000600e0 00000281 USER32!GetDC+0x6d
0007f7d8 7e3a927b 0009e5e8 7c9f7a64 000600e0 USER32!GetDC+0x14f
0007f814 7e3a92e3 00567248 005671c8 00000001 USER32!GetParent+0x16c
0007f834 76322b12 000600e0 00000281 00000001 USER32!SendMessageW+0x49
0007f868 7e3eb90e 000600e0 003f0123 00000001 IMM32!ImmSetActiveContext+0x134
0007f884 7e3ebdf2 000600e0 00000001 0059c5a0 USER32!IMPSetIMEA+0x40a
0007fad8 7e3ec8cf 000a2d40 00000287 00000017 USER32!IMPSetIMEA+0x8ee
0007fafc 7e3ec97d 00080084 00000287 00000017 USER32!IMPSetIMEA+0x13cb
0007fb18 7e398734 00080084 00000287 00000017 USER32!IMPSetIMEA+0x1479
0007fb44 7e398816 7e3ec95b 00080084 00000287 USER32!GetDC+0x6d
0007fbac 7e3a8ea0 00000000 7e3ec95b 00080084 USER32!GetDC+0x14f
0007fc00 7e3a8eec 0059c5a0 00000287 00000017 USER32!DefWindowProcW+0x180
0007fc28 7c91e473 0007fc38 00000018 0059c5a0 USER32!DefWindowProcW+0x1cc
0007fca0 7e3a8dd9 000600e0 00000006 00000001 ntdll!KiUserCallbackDispatcher+0x13
0007fcbc 7e3a8d77 000600e0 00000006 00000001 USER32!DefWindowProcW+0xb9
0007fd04 7ca196a5 000600e0 00000006 00000001 USER32!DefWindowProcW+0x57
0007fd28 7e398734 000f4f78 00000006 00000001 SHELL32!PathResolve+0x1a3
0007fd54 7e398816 7c9f7a64 000600e0 00000006 USER32!GetDC+0x6d
0007fdbc 7e3a8ea0 0009e5e8 7c9f7a64 000600e0 USER32!GetDC+0x14f
0007fe10 7e3a8eec 00567248 00000006 00000001 USER32!DefWindowProcW+0x180
0007fe38 7c91e473 0007fe48 00000018 00567248 USER32!DefWindowProcW+0x1cc
0007fe88 7e399402 0007fed4 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x13
0007feb4 7c9f7a52 0007fed4 00000000 00000000 USER32!PeekMessageW+0x167
0007fef0 7c9f7a12 7c80934a 000f4f78 000f4f78 SHELL32!Ordinal517+0x27a52
0007ff08 7ca23abc 00000000 0007ff5c 01013256 SHELL32!Ordinal517+0x27a12
0007ff14 01013256 000f4f78 7ffd5000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a5c7 00000000 00000000 0002075e explorer+0x13256
0007ffc0 7c817077 00074320 0006e890 7ffd5000 explorer+0x1a5c7
0007fff0 00000000 0101a55f 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xd14 <----*
eax=0099ff7c ebx=0099fed0 ecx=7c801698 edx=00000000 esi=00000000 edi=7ffd5000
eip=7c91e514 esp=0099fea8 ebp=0099ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0099ff44 77dc8631 00000002 0099ff6c 00000000 ntdll!KiFastSystemCallRet
0099ffb4 7c80b729 00000000 7c9242af 00000000 ADVAPI32!WmiFreeBuffer+0x24e
0099ffec 00000000 77dc848a 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x898 <----*
eax=00000000 ebx=00000000 ecx=000baf20 edx=ffffffff esi=00093200 edi=0016e4d8
eip=7c91e514 esp=00cefe18 ebp=00ceff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00ceff80 77e56caf 00ceffa8 77e56ad1 00093200 ntdll!KiFastSystemCallRet
00ceff88 77e56ad1 00093200 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x61c
00ceffa8 77e56c97 000a9960 00ceffec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
00ceffb4 7c80b729 000baf20 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x604
00ceffec 00000000 77e56c7d 000baf20 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xd80 <----*
eax=774be43b ebx=00007530 ecx=7ffd5000 edx=00000000 esi=00000000 edi=00e2ff50
eip=7c91e514 esp=00e2ff20 ebp=00e2ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
00e2ff78 7c802455 0000ea60 00000000 00e2ffb4 ntdll!KiFastSystemCallRet
00e2ff88 774be32f 0000ea60 000bd6a8 774be3ee kernel32!Sleep+0xf
00e2ffb4 7c80b729 000bd6a8 00000000 73655248 ole32!StringFromGUID2+0x51d
00e2ffec 00000000 774be43b 000bd6a8 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x7c <----*
eax=002700e9 ebx=00000000 ecx=00b50b88 edx=00e6fea8 esi=7c98e178 edi=00000000
eip=7c91e514 esp=00e6f8e4 ebp=00e6f96c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ShimEng.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\msutb.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSCTF.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00e6f96c 7c911046 0198e178 7c927e50 7c98e178 ntdll!KiFastSystemCallRet
00e6fa24 7c927ec0 7e390000 00e6fa60 00000000 ntdll!RtlEnterCriticalSection+0x46
00e6fa40 7c80ae7e 7e390000 00e6fa60 00000000 ntdll!LdrGetProcedureAddress+0x18
00e6fa68 5cea7798 7e390000 5ffb3d8c 00000000 kernel32!GetProcAddress+0x3e
00e6fb8c 5ffcdecf 7e390000 5ffb3d8c 000dbd28 ShimEng+0x7798
00e6fbd8 5ffbd341 00000000 00000000 00e6fbf4 msutb+0x1decf
00e6fc60 5ffbeae5 00000000 000dbd28 00000004 msutb!ClosePopupTipbar+0x3a5c
00e6fc80 5ffb7654 00000000 00000d40 000dbd28 msutb!GetPopupTipbar+0x10af
00e6fca0 746adff4 000dbd28 000006a4 00000004 msutb!SetRegisterLangBand+0x1b6e
00e6fcdc 746ae97d 000dbd28 0000c0a4 00000000 MSCTF!TF_CreateCicLoadMutex+0x7009
00e6fd94 746a1234 0000c0a4 00000000 000006a4 MSCTF!TF_CreateCicLoadMutex+0x7992
00e6fdb4 746a13a6 00000001 00e6fe8c 00000000 MSCTF!TF_UninitSystem+0x853
00e6fdf0 7e3ab372 00000000 00000001 00e6fe8c MSCTF!TF_UninitSystem+0x9c5
00e6fe0c 7e3ab317 00030000 00000001 00e6fe8c USER32!MoveWindow+0xd4
00e6fe48 7e3a78d0 00e6fe7c 00e6fe8c 00e6fea8 USER32!MoveWindow+0x79
00e6fe6c 7c91e473 00e6fe7c 00000030 00030000 USER32!GetWindowTextLengthW+0x9a
00e6fed4 7e399402 00e6ff28 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x13
00e6ff00 010019c1 00e6ff28 00000000 00000000 USER32!PeekMessageW+0x167
00e6ff44 0100ffd1 00000000 00e6ffb4 77f56f42 explorer+0x19c1
00e6ff50 77f56f42 010460f8 0000005c 00000000 explorer+0xffd1
00e6ffb4 7c80b729 00000000 0000005c 00000000 SHLWAPI!Ordinal505+0x3e9
00e6ffec 00000000 77f56ed3 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xc4c <----*
eax=7c937edb ebx=00000000 ecx=77da6a87 edx=77da6a4e esi=ffffffff edi=7c91f668
eip=7c91e514 esp=00eaff9c ebp=00eaffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00eaffb4 7c80b729 00000000 7c91f668 ffffffff ntdll!KiFastSystemCallRet
00eaffec 00000000 7c937edb 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x6bc <----*
eax=00eeeb53 ebx=00000000 ecx=00eeebbd edx=00eeecd2 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=00eeff70 ebp=00eeffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00eeffb4 7c80b729 00000000 00e6fce4 00e6fce8 ntdll!KiFastSystemCallRet
00eeffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xf24 <----*
eax=000000c0 ebx=00000000 ecx=00e6fbbc edx=00000000 esi=00000000 edi=00000001
eip=7c91e514 esp=00f2fcec ebp=00f2ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f2ffb4 7c80b729 00000000 00000020 00e6fce4 ntdll!KiFastSystemCallRet
00f2ffec 00000000 7c939b8f 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xf84 <----*
eax=00000006 ebx=0151fd58 ecx=7c8095c0 edx=7c91e514 esi=00000000 edi=7ffd5000
eip=7c91e514 esp=0151fd30 ebp=0151fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0151fdcc 7e3995f9 00000007 0151fdf4 00000000 ntdll!KiFastSystemCallRet
0151fe28 7ca04308 00000006 0151fe50 ffffffff USER32!GetLastInputInfo+0x105
0151ff4c 7ca21fc4 77f56f42 00000000 7c8099fa SHELL32!Shell_GetCachedImageIndex+0x450
0151ffb4 7c80b729 00000000 7c8099fa 00090000 SHELL32!Ordinal753+0x133
0151ffec 00000000 77f56ed3 00e6f4d4 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xf14 <----*
eax=0012bbb0 ebx=00000000 ecx=020c0002 edx=020c0003 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=015bff70 ebp=015bffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
015bffb4 7c80b729 00000000 0007e054 0007e054 ntdll!KiFastSystemCallRet
015bffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0x6f4 <----*
eax=023c8040 ebx=00000000 ecx=01f70228 edx=01f701d8 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=0182ff70 ebp=0182ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0182ffb4 7c80b729 00000000 00e6f8c4 00e6f8c4 ntdll!KiFastSystemCallRet
0182ffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xa48 <----*
eax=7ffd2004 ebx=00000000 ecx=00000072 edx=7ffa0072 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=0186ff70 ebp=0186ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0186ffb4 7c80b729 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
0186ffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xbf4 <----*
eax=01edf6c0 ebx=00000000 ecx=01f88ee8 edx=00000000 esi=00093200 edi=0016e148
eip=7c91e514 esp=0175fe18 ebp=0175ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0175ff80 77e56caf 0175ffa8 77e56ad1 00093200 ntdll!KiFastSystemCallRet
0175ff88 77e56ad1 00093200 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x61c
0175ffa8 77e56c97 000a9960 0175ffec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
0175ffb4 7c80b729 0017b180 00000000 00000000 RPCRT4!I_RpcBCacheFree+0x604
0175ffec 00000000 77e56c7d 0017b180 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
*----> Vidage de l'état de la thread 0xc8c <----*
eax=01f86938 ebx=00004e20 ecx=019ff404 edx=7c91e501 esi=019ffd68 edi=7e3991c6
eip=7c91e514 esp=019ffcf8 ebp=019ffd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
fonction : ntdll!KiFastSystemCallRet
*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
019ffd14 76541565 019ffd68 00000000 00000000 ntdll!KiFastSystemCallRet
019ffd8c 7654362e 76540000 00000000 000b0120 stobject+0x1565
019fffb4 7c80b729 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x19e4
019fffec 00000000 765435df 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba
*----> Vidage brut de la pile <----*
You should perhaps post this problem in a section more concerned with Windows/Software problems. More chance of help there than in Software.
Hello,
OK to switch to another section to try to resolve this small annoyance. I have not uninstalled ComboFix. Please tell me the best way to uninstall it (I found no uninstall file, and nothing under Add/Remove Programs).
See you
Start, Run, and enter: combofix /u
| g225 wrote: Start, Run, and enter: combofix /u |
Hello,
The procedure does not work. The system says it cannot find the combofix file. If there is no risk, I will leave the program on my administrator session; is it absolutely necessary to remove combofix, and if so, by what other method?
See you
Not really a problem.
Try this: "%userprofile%\Desktop\combofix" /u
| g225 wrote: Not really a problem.
|
The procedure does not go through; perhaps the labels need to be changed.
Regards
See you
| g225 wrote: Not really a problem.
|
HELLO
THE PROCEDURE DOES NOT GO THROUGH. DO I NEED TO SPECIFY THE PATH TO REACH THE FILE
+% AND " (I copied and pasted the whole line, but without success). For my other problem, the explorer.exe crash, I have not had a reply.
See you soon
Regards
Yes, you have to specify the path.
The procedure still does not work. Do I have to keep spaces between special characters such as / OR \
DO I NEED TO BOOT INTO SAFE MODE
Thanks in advance
Run a search for combofix and delete it manually.
Run a search for combofix and delete it manually
Hello
I have to run a search again using combofix (blocking the antivirus), then right-click on the program and choose delete.
Please confirm whether that is OK.
Regards
If your antivirus is getting in your way, yes, close it.
As for the rest, correct!
