Se connecter avec
S'enregistrer | Connectez-vous

Rapport dr watson

Dernière réponse : dans Le monde de Windows

bonjour,
je poste ce rapport dr watson suite à des problèmes de plantage explorer .exe.si je ne suis pas dans la bonne rubrique merci de me dire la catégorie la mieux adaptéeà ce genre de problème.d'avance je vous remercie

Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. Tous droits réservés.



Une exception d'application s'est produite :
App : C:\WINDOWS\explorer.exe (pid=400)
Lorsque : 17/07/2009 @ 20:03:06.890
Numéro d'exception : c0000005 (violation d'accès)

*----> Informations système <----*
Nom ordinateur : SN100673850008
Nom utilisateur : jpierre
ID de la session Terminal : 0
Nombre de processeurs : 2
Type de processeur : x86 Family 15 Model 2 Stepping 9
Version de Windows : 5.1
Numéro actuel : 2600
Service Pack : 3
Type actuel : Multiprocessor Free
Organisation enregistrée :
Propriétaire enregistré : jean-pierre

*----> Liste des tâches <----*
0 System Process
4 System
552 smss.exe
600 csrss.exe
628 winlogon.exe
672 services.exe
684 lsass.exe
904 svchost.exe
964 svchost.exe
1028 livesrv.exe
1044 svchost.exe
1164 svchost.exe
1196 svchost.exe
1328 spoolsv.exe
1420 sched.exe
1484 svchost.exe
1540 avguard.exe
1552 AppleMobileDeviceService.exe
1596 ehSched.exe
1656 FsUsbExService.Exe
1716 GhostStartService.exe
1796 jqs.exe
1820 LSSrvc.exe
2012 naviagent.exe
176 slserv.exe
268 svchost.exe
356 wdfmgr.exe
2076 alg.exe
2324 NAVICL~1.EXE
3216 svchost.exe
3548 iPodService.exe
460 V0230Mon.exe
3388 realsched.exe
2040 avgnt.exe
4016 jusched.exe
2696 iTunesHelper.exe
3912 ctfmon.exe
544 msnmsgr.exe
2988 NPSAgent.exe
3700 uWDF.exe
400 explorer.exe
3392 drwtsn32.exe

*----> Liste des modules <----*
(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll
(0000000001000000 - 0000000001100000: C:\WINDOWS\explorer.exe
(0000000001100000 - 00000000013da000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001fa0000 - 0000000001fdd000: C:\WINDOWS\system32\webcheck.dll
(0000000002bc0000 - 0000000002d47000: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
(0000000003460000 - 000000000346a000: C:\WINDOWS\system32\WMDMLOG.dll
(0000000003470000 - 0000000003477000: C:\WINDOWS\system32\WdfApi.dll
(0000000003500000 - 0000000003506000: C:\WINDOWS\system32\wpdtrace.dll
(00000000035d0000 - 0000000003636000: C:\WINDOWS\system32\wpdsp.dll
(0000000003820000 - 000000000386c000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
(00000000070d0000 - 000000000710b000: C:\WINDOWS\system32\WMASF.DLL
(00000000086d0000 - 0000000008917000: C:\WINDOWS\system32\WMVCore.DLL
(0000000008d60000 - 0000000008d98000: C:\WINDOWS\system32\MsPMSP.dll
(0000000008df0000 - 0000000008e41000: C:\WINDOWS\system32\MSWMDM.dll
(0000000008e60000 - 0000000008e6b000: C:\WINDOWS\system32\WMDMPS.dll
(0000000010000000 - 0000000010011000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(000000001f840000 - 000000001f858000: C:\WINDOWS\system32\odbcint.dll
(00000000200e0000 - 00000000200ee000: C:\WINDOWS\system32\eappprxy.dll
(00000000404a0000 - 0000000040586000: C:\WINDOWS\system32\WININET.dll
(0000000040b40000 - 0000000040d28000: C:\WINDOWS\system32\iertutil.dll
(0000000040d30000 - 00000000417c1000: C:\WINDOWS\system32\ieframe.dll
(0000000043ff0000 - 0000000043ff9000: C:\WINDOWS\system32\jsproxy.dll
(0000000045180000 - 00000000452b1000: C:\WINDOWS\system32\urlmon.dll
(0000000058b50000 - 0000000058bea000: C:\WINDOWS\system32\comctl32.dll
(00000000595b0000 - 000000005977a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(000000005b090000 - 000000005b0c8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b660000 - 000000005b66a000: C:\WINDOWS\system32\dot3api.dll
(000000005b950000 - 000000005b9c3000: C:\WINDOWS\System32\themeui.dll
(000000005cea0000 - 000000005cec6000: C:\WINDOWS\system32\ShimEng.dll
(000000005f140000 - 000000005f157000: C:\WINDOWS\system32\olepro32.dll
(000000005ffb0000 - 000000005ffe3000: C:\WINDOWS\System32\msutb.dll
(0000000062dc0000 - 0000000062dc9000: C:\WINDOWS\system32\LPK.DLL
(0000000062e40000 - 0000000062e99000: C:\WINDOWS\system32\hnetcfg.dll
(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll
(00000000698e0000 - 00000000698f6000: C:\WINDOWS\system32\faultrep.dll
(000000006c650000 - 000000006c69d000: C:\WINDOWS\system32\DUSER.dll
(000000006da60000 - 000000006da82000: C:\WINDOWS\system32\eappcfg.dll
(000000006fee0000 - 000000006ff35000: C:\WINDOWS\system32\NETAPI32.dll
(0000000071600000 - 0000000071613000: C:\WINDOWS\system32\browselc.dll
(0000000071990000 - 00000000719d0000: C:\WINDOWS\system32\mswsock.dll
(00000000719d0000 - 00000000719d8000: C:\WINDOWS\System32\wshtcpip.dll
(00000000719e0000 - 00000000719e8000: C:\WINDOWS\system32\WS2HELP.dll
(00000000719f0000 - 0000000071a07000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a10000 - 0000000071a1a000: C:\WINDOWS\system32\wsock32.dll
(0000000071a60000 - 0000000071a72000: C:\WINDOWS\system32\MPR.dll
(0000000071b50000 - 0000000071b63000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071b70000 - 0000000071b7e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071be0000 - 0000000071be7000: C:\WINDOWS\System32\NETRAP.dll
(0000000071bf0000 - 0000000071c30000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c30000 - 0000000071c47000: C:\WINDOWS\System32\NETUI0.dll
(0000000072640000 - 0000000072646000: C:\WINDOWS\system32\dot3dlg.dll
(0000000072c60000 - 0000000072c68000: C:\WINDOWS\system32\msacm32.drv
(0000000072c70000 - 0000000072c79000: C:\WINDOWS\system32\wdmaud.drv
(0000000073990000 - 00000000739b8000: C:\WINDOWS\system32\OneX.DLL
(0000000073af0000 - 0000000073b04000: C:\WINDOWS\System32\sti.dll
(0000000074690000 - 00000000746dc000: C:\WINDOWS\system32\MSCTF.dll
(0000000074730000 - 000000007476d000: C:\WINDOWS\system32\ODBC32.dll
(0000000074a40000 - 0000000074a48000: C:\WINDOWS\system32\POWRPROF.dll
(0000000074a50000 - 0000000074a57000: C:\WINDOWS\System32\CFGMGR32.dll
(0000000074a60000 - 0000000074a6a000: C:\WINDOWS\system32\BatMeter.dll
(0000000075140000 - 000000007516e000: C:\WINDOWS\system32\msctfime.ime
(00000000753c0000 - 000000007542b000: C:\WINDOWS\system32\USP10.dll
(0000000075900000 - 00000000759fa000: C:\WINDOWS\system32\MSGINA.dll
(0000000075d30000 - 0000000075dc1000: C:\WINDOWS\system32\MLANG.dll
(0000000075ef0000 - 0000000075ef7000: C:\WINDOWS\System32\drprov.dll
(0000000075f00000 - 0000000075f0a000: C:\WINDOWS\System32\davclnt.dll
(0000000075f10000 - 000000007600d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076010000 - 0000000076075000: C:\WINDOWS\system32\MSVCP60.dll
(00000000762f0000 - 0000000076300000: C:\WINDOWS\system32\WINSTA.dll
(0000000076310000 - 0000000076315000: C:\WINDOWS\System32\MSIMG32.dll
(0000000076320000 - 000000007633d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076340000 - 000000007638a000: C:\WINDOWS\system32\comdlg32.dll
(0000000076390000 - 0000000076539000: C:\WINDOWS\system32\NETSHELL.dll
(0000000076540000 - 0000000076561000: C:\WINDOWS\system32\stobject.dll
(0000000076590000 - 00000000765ad000: C:\WINDOWS\System32\CSCDLL.dll
(00000000765b0000 - 0000000076606000: C:\WINDOWS\System32\cscui.dll
(0000000076610000 - 0000000076694000: C:\WINDOWS\system32\CRYPTUI.dll
(0000000076920000 - 0000000076928000: C:\WINDOWS\system32\LINKINFO.dll
(0000000076930000 - 0000000076956000: C:\WINDOWS\system32\ntshrui.dll
(0000000076960000 - 0000000076a16000: C:\WINDOWS\system32\USERENV.dll
(0000000076ac0000 - 0000000076ad1000: C:\WINDOWS\system32\ATL.DLL
(0000000076ae0000 - 0000000076b0f000: C:\WINDOWS\system32\WINMM.dll
(0000000076bb0000 - 0000000076bdf000: C:\WINDOWS\system32\credui.dll
(0000000076be0000 - 0000000076c0e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c40000 - 0000000076c68000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d10000 - 0000000076d29000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e30000 - 0000000076e3e000: C:\WINDOWS\system32\rtutils.dll
(0000000076f00000 - 0000000076f08000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f10000 - 0000000076f3d000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076f80000 - 0000000076fff000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077000000 - 00000000770d4000: C:\WINDOWS\system32\COMRes.dll
(00000000770e0000 - 000000007716b000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077210000 - 00000000772c1000: C:\WINDOWS\system32\SXS.DLL
(0000000077390000 - 0000000077493000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(00000000774a0000 - 00000000775dd000: C:\WINDOWS\system32\ole32.dll
(00000000778e0000 - 00000000779d8000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000779e0000 - 0000000077a77000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077a80000 - 0000000077a92000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b50000 - 0000000077b72000: C:\WINDOWS\system32\appHelp.dll
(0000000077ba0000 - 0000000077ba7000: C:\WINDOWS\system32\midimap.dll
(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077da0000 - 0000000077e4c000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee2000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f39000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll
(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
(000000007c420000 - 000000007c4a7000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll
(000000007c800000 - 000000007c906000: C:\WINDOWS\system32\kernel32.dll
(000000007c910000 - 000000007c9c9000: C:\WINDOWS\system32\ntdll.dll
(000000007c9d0000 - 000000007d1f5000: C:\WINDOWS\system32\SHELL32.dll
(000000007d200000 - 000000007d4bc000: C:\WINDOWS\system32\msi.dll
(000000007e210000 - 000000007e381000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e390000 - 000000007e421000: C:\WINDOWS\system32\USER32.dll

*----> Vidage de l'état de la thread 0x118 <----*

eax=0007fb60 ebx=00000003 ecx=00111180 edx=000001dc esi=000eb9c8 edi=00000000
eip=7c91e514 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\explorer.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007ff08 7ca23abc 00000000 0007ff5c 01013256 ntdll!KiFastSystemCallRet
0007ff14 01013256 000eb9c8 7ffd5000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a5c7 00000000 00000000 000207b2 explorer+0x13256
0007ffc0 7c817077 000743a8 0006e890 7ffd5000 explorer+0x1a5c7
0007fff0 00000000 0101a55f 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Vidage brut de la pile <----*
000000000007fef0 18 94 39 7e 2e 7a 9f 7c - 4a 93 80 7c c8 b9 0e 00 ..9~.z.|J..|....
000000000007ff00 c8 b9 0e 00 14 ff 07 00 - 14 ff 07 00 bc 3a a2 7c .............:.|
000000000007ff10 00 00 00 00 5c ff 07 00 - 56 32 01 01 c8 b9 0e 00 ....\...V2......
000000000007ff20 00 50 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 .P..........$...
000000000007ff30 50 ff 07 00 e0 ff 07 00 - 0a d8 91 7c 05 ad 80 7c P..........|...|
000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 3a 9f 32 00 ............:.2.
000000000007ff50 ec 00 00 00 01 00 00 00 - c8 b9 0e 00 c0 ff 07 00 ................
000000000007ff60 c7 a5 01 01 00 00 00 00 - 00 00 00 00 b2 07 02 00 ................
000000000007ff70 05 00 00 00 a8 43 07 00 - 90 e8 06 00 44 00 00 00 .....C......D...
000000000007ff80 04 08 02 00 e4 07 02 00 - b4 07 02 00 00 00 00 00 ................
000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 2e 00 00 00 ................
000000000007ffa0 00 00 00 00 3a ef 06 00 - 01 00 00 00 05 00 00 00 ....:...........
000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007ffc0 f0 ff 07 00 77 70 81 7c - a8 43 07 00 90 e8 06 00 ....wp.|.C......
000000000007ffd0 00 50 fd 7f fa 12 55 80 - c8 ff 07 00 20 70 10 87 .P....U..... p..
000000000007ffe0 ff ff ff ff d8 9a 83 7c - 80 70 81 7c 00 00 00 00 .......|.p.|....
000000000007fff0 00 00 00 00 00 00 00 00 - 5f a5 01 01 00 00 00 00 ........_.......
0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..
0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......
0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> Vidage de l'état de la thread 0x8c0 <----*

eax=0359f6c0 ebx=00000000 ecx=000d0b40 edx=00000000 esi=000b7b80 edi=000b7c24
eip=7c91e514 esp=00f3fe18 ebp=00f3ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00f3ff80 77e56caf 00f3ffa8 77e56ad1 000b7b80 ntdll!KiFastSystemCallRet
00f3ff88 77e56ad1 000b7b80 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x61c
00f3ffa8 77e56c97 000b7a38 00f3ffec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
00f3ffb4 7c80b729 000c76c0 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x604
00f3ffec 00000000 77e56c7d 000c76c0 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
0000000000f3fe18 aa da 91 7c e3 65 e5 77 - e8 01 00 00 74 ff f3 00 ...|.e.w....t...
0000000000f3fe28 00 00 00 00 50 f7 51 02 - 48 ff f3 00 02 00 00 00 ....P.Q.H.......
0000000000f3fe38 02 00 00 00 40 f5 df ff - 02 ff 1f c0 3e 82 4e 80 ....@.......>.N.
0000000000f3fe48 00 c0 fd 7f 74 1b 77 b5 - 02 ff 1f c0 00 00 77 b5 ....t.w.......w.
0000000000f3fe58 f3 a9 4e 80 00 b0 fd 7f - 01 00 00 00 00 00 00 00 ..N.............
0000000000f3fe68 6c ff 1f c0 02 00 00 00 - fc 07 30 c0 0c 1c 77 b5 l.........0...w.
0000000000f3fe78 9a 12 4f 80 74 1b 77 b5 - 00 00 00 00 00 00 00 00 ..O.t.w.........
0000000000f3fe88 a8 de f1 86 10 c8 10 87 - 01 c8 10 87 00 00 00 00 ................
0000000000f3fe98 6c ff 1f c0 3c 1c 77 b5 - 43 1d 70 80 28 1c 77 b5 l...<.w.C.p.(.w.
0000000000f3fea8 27 14 70 80 00 0d db ba - 00 00 00 00 00 00 00 00 '.p.............
0000000000f3feb8 c4 1b 77 b5 00 00 00 00 - ab 38 4e 80 08 00 00 00 ..w......8N.....
0000000000f3fec8 87 02 00 00 44 28 66 80 - ff ff ff ff 00 b0 fd 7f ....D(f.........
0000000000f3fed8 00 00 00 00 38 ab 59 85 - 00 00 00 00 00 00 00 00 ....8.Y.........
0000000000f3fee8 00 00 00 00 d8 1b 77 b5 - ff ff ff ff 40 f5 df ff ......w.....@...
0000000000f3fef8 00 00 00 00 10 14 70 80 - bc 01 60 85 28 1c 77 b5 ......p...`.(.w.
0000000000f3ff08 00 00 00 00 27 14 70 80 - 08 00 00 00 46 02 00 00 ....'.p.....F...
0000000000f3ff18 e8 1b 4e 80 90 00 60 85 - 20 00 60 85 1e 1c 4e 80 ..N...`. .`...N.
0000000000f3ff28 8c 01 60 85 80 ff f3 00 - ae df e5 77 48 ff f3 00 ..`........wH...
0000000000f3ff38 be df e5 77 e0 10 91 7c - 00 6e 0c 00 c0 76 0c 00 ...w...|.n...v..
0000000000f3ff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Vidage de l'état de la thread 0x990 <----*

eax=5ffb1bb8 ebx=0018c3a0 ecx=0018c3a0 edx=00000335 esi=00fdfc44 edi=0018c3e8
eip=5ffc9187 esp=00fdfbb4 ebp=00fdfbc4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\msutb.dll -
fonction : msutb
5ffc917c cc int 3
5ffc917d cc int 3
5ffc917e cc int 3
5ffc917f 8bc1 mov eax,ecx
5ffc9181 c3 ret
5ffc9182 cc int 3
5ffc9183 cc int 3
5ffc9184 cc int 3
5ffc9185 cc int 3
5ffc9186 cc int 3
5ffc9187 8bc1 mov eax,ecx
5ffc9189 83781800 cmp dword ptr [eax+0x18],0x0
5ffc918d 740f jz msutb+0x1919e (5ffc919e)
5ffc918f 8b4818 mov ecx,[eax+0x18]
5ffc9192 8b11 mov edx,[ecx]
5ffc9194 83c038 add eax,0x38
5ffc9197 50 push eax
5ffc9198 ff924c010000 call dword ptr [edx+0x14c]
5ffc919e c3 ret
5ffc919f cc int 3
5ffc91a0 cc int 3

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSCTF.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
00fdfbc4 5ffcc06e 00fdfc34 0018c300 0018c328 msutb+0x19187
00fdfbfc 5ffbd6ec 00fdfc34 000ea550 0016ab50 msutb+0x1c06e
00fdfc80 5ffbeae5 000004cc 000c57b8 00000004 msutb!ClosePopupTipbar+0x3e07
00fdfca0 746adf8d 00000000 000004cc 00000004 msutb!GetPopupTipbar+0x10af
00fdfcdc 746ae97d 000ea550 0000c101 00000000 MSCTF!TF_CreateCicLoadMutex+0x6fa2
00fdfd94 746a1234 0000c101 00000000 00000000 MSCTF!TF_CreateCicLoadMutex+0x7992
00fdfdb4 746a13a6 00000001 00fdfe8c 00000000 MSCTF!TF_UninitSystem+0x853
00fdfdf0 7e3ab372 00000000 00000001 00fdfe8c MSCTF!TF_UninitSystem+0x9c5
00fdfe0c 7e3ab317 00030000 00000001 00fdfe8c USER32!MoveWindow+0xd4
00fdfe48 7e3a78d0 00fdfe7c 00fdfe8c 00fdfea8 USER32!MoveWindow+0x79
00fdfe6c 7c91e473 00fdfe7c 00000030 00030000 USER32!GetWindowTextLengthW+0x9a
00fdfed4 7e399402 00fdff28 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x13
00fdff00 010019c1 00fdff28 00000000 00000000 USER32!PeekMessageW+0x167
00fdff44 0100ffd1 00000000 00fdffb4 77f56f42 explorer+0x19c1
00fdff50 77f56f42 010460f8 0000005c 00000000 explorer+0xffd1
00fdffb4 7c80b729 00000000 0000005c 00000000 SHLWAPI!Ordinal505+0x3e9
00fdffec 00000000 77f56ed3 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
0000000000fdfbb4 a8 92 fc 5f 00 c3 18 00 - 28 c3 18 00 a0 c3 18 00 ..._....(.......
0000000000fdfbc4 fc fb fd 00 6e c0 fc 5f - 34 fc fd 00 00 c3 18 00 ....n.._4.......
0000000000fdfbd4 28 c3 18 00 50 ab 16 00 - 00 04 00 00 00 03 00 00 (...P...........
0000000000fdfbe4 00 00 00 00 ba 84 39 7e - 05 9c 3a 7e cc 04 00 00 ......9~..:~....
0000000000fdfbf4 28 00 00 00 80 fc fd 00 - 80 fc fd 00 ec d6 fb 5f (.............._
0000000000fdfc04 34 fc fd 00 50 a5 0e 00 - 50 ab 16 00 00 00 00 00 4...P...P.......
0000000000fdfc14 00 00 00 00 00 00 00 00 - 00 04 00 00 e2 02 00 00 ................
0000000000fdfc24 7c a5 0e 00 38 fc fd 00 - b6 35 fd 5f e0 82 17 00 |...8....5._....
0000000000fdfc34 01 00 00 00 00 00 00 00 - 15 00 00 00 1c 00 00 00 ................
0000000000fdfc44 5c a5 0e 00 ff ff ff ff - e2 ff ff ff 00 00 00 00 \...............
0000000000fdfc54 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................
0000000000fdfc64 00 00 00 00 14 00 00 00 - 00 00 00 00 0c 04 0c 04 ................
0000000000fdfc74 00 00 00 00 00 00 00 00 - 00 c3 18 00 a0 fc fd 00 ................
0000000000fdfc84 e5 ea fb 5f cc 04 00 00 - b8 57 0c 00 04 00 00 00 ..._.....W......
0000000000fdfc94 00 00 00 00 e6 00 0f 00 - 00 00 00 00 dc fc fd 00 ................
0000000000fdfca4 8d df 6a 74 00 00 00 00 - cc 04 00 00 04 00 00 00 ..jt............
0000000000fdfcb4 00 00 00 00 04 00 00 00 - 84 fc fd 00 b8 57 0c 00 .............W..
0000000000fdfcc4 b0 fc fd 00 d8 9a 83 7c - 84 fd fd 00 a6 f1 6c 74 .......|......lt
0000000000fdfcd4 50 e1 6a 74 00 00 00 00 - 94 fd fd 00 7d e9 6a 74 P.jt........}.jt
0000000000fdfce4 50 a5 0e 00 01 c1 00 00 - 00 00 00 00 00 00 00 00 P...............

*----> Vidage de l'état de la thread 0xe94 <----*

eax=7c937edb ebx=00000000 ecx=77da6a87 edx=77da6a4e esi=ffffffff edi=7c91f668
eip=7c91e514 esp=0141ff9c ebp=0141ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0141ffb4 7c80b729 00000000 7c91f668 ffffffff ntdll!KiFastSystemCallRet
0141ffec 00000000 7c937edb 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000141ff9c 1a d2 91 7c 22 7f 93 7c - 01 00 00 00 ac ff 41 01 ...|"..|......A.
000000000141ffac 00 00 00 00 00 00 00 80 - ec ff 41 01 29 b7 80 7c ..........A.)..|
000000000141ffbc 00 00 00 00 68 f6 91 7c - ff ff ff ff 00 00 00 00 ....h..|........
000000000141ffcc 00 a0 fd 7f 00 d6 3b 87 - c0 ff 41 01 78 02 eb 86 ......;...A.x...
000000000141ffdc ff ff ff ff d8 9a 83 7c - 30 b7 80 7c 00 00 00 00 .......|0..|....
000000000141ffec 00 00 00 00 00 00 00 00 - db 7e 93 7c 00 00 00 00 .........~.|....
000000000141fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000142009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000014200ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000014200bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000014200cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x984 <----*

eax=00000000 ebx=00000000 ecx=0149fc80 edx=7c91e514 esi=00000000 edi=00000001
eip=7c91e514 esp=0149fcec ebp=0149ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0149ffb4 7c80b729 00000000 00000020 00fdfce4 ntdll!KiFastSystemCallRet
0149ffec 00000000 7c939b8f 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000149fcec 4a df 91 7c b6 9c 93 7c - 03 00 00 00 30 fd 49 01 J..|...|....0.I.
000000000149fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...
000000000149fd0c e4 fc fd 00 00 00 00 00 - 80 f9 98 7c 80 f9 98 7c ...........|...|
000000000149fd1c 38 02 00 00 84 09 00 00 - 03 00 00 00 03 00 00 00 8...............
000000000149fd2c 02 00 00 00 34 02 00 00 - c4 05 00 00 1c 02 00 00 ....4...........
000000000149fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000149fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x448 <----*

eax=7ffd7000 ebx=014dfd58 ecx=014dfd30 edx=7c91e514 esi=00000000 edi=7ffd5000
eip=7c91e514 esp=014dfd30 ebp=014dfdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
014dfdcc 7e3995f9 00000007 014dfdf4 00000000 ntdll!KiFastSystemCallRet
014dfe28 7ca04308 00000006 014dfe50 ffffffff USER32!GetLastInputInfo+0x105
014dff4c 7ca21fc4 77f56f42 00000000 7c8099fa SHELL32!Shell_GetCachedImageIndex+0x450
014dffb4 7c80b729 00000000 7c8099fa 00090000 SHELL32!Ordinal753+0x133
014dffec 00000000 77f56ed3 00fdf4d4 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
00000000014dfd30 4a df 91 7c 90 95 80 7c - 07 00 00 00 58 fd 4d 01 J..|...|....X.M.
00000000014dfd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000014dfd50 07 00 00 00 02 00 00 00 - cc 05 00 00 2c 04 00 00 ............,...
00000000014dfd60 38 04 00 00 68 02 00 00 - a0 02 00 00 8c 02 00 00 8...h...........
00000000014dfd70 64 02 00 00 30 00 00 00 - 14 00 00 00 01 00 00 00 d...0...........
00000000014dfd80 10 60 0d 00 00 00 00 00 - 00 00 00 00 ec fd 4d 01 .`............M.
00000000014dfd90 8f 04 3c 7e 30 88 39 7e - 00 50 fd 7f 00 70 fd 7f ..<~0.9~.P...p..
00000000014dfda0 cd 89 39 7e 00 00 00 00 - 58 fd 4d 01 f4 00 09 00 ..9~....X.M.....
00000000014dfdb0 07 00 00 00 4c fd 4d 01 - 00 00 00 00 dc ff 4d 01 ....L.M.......M.
00000000014dfdc0 d8 9a 83 7c 80 96 80 7c - 00 00 00 00 28 fe 4d 01 ...|...|....(.M.
00000000014dfdd0 f9 95 39 7e 07 00 00 00 - f4 fd 4d 01 00 00 00 00 ..9~......M.....
00000000014dfde0 ff ff ff ff 01 00 00 00 - 00 1d 0d 00 06 00 00 00 ................
00000000014dfdf0 00 00 00 00 cc 05 00 00 - 2c 04 00 00 38 04 00 00 ........,...8...
00000000014dfe00 68 02 00 00 a0 02 00 00 - 8c 02 00 00 64 02 00 00 h...........d...
00000000014dfe10 00 00 00 00 09 23 00 00 - 00 00 00 00 01 00 00 00 .....#..........
00000000014dfe20 00 70 fd 7f 64 02 00 00 - 4c ff 4d 01 08 43 a0 7c .p..d...L.M..C.|
00000000014dfe30 06 00 00 00 50 fe 4d 01 - ff ff ff ff ff 04 00 00 ....P.M.........
00000000014dfe40 f4 fd 4d 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ..M.............
00000000014dfe50 cc 05 00 00 2c 04 00 00 - 38 04 00 00 68 02 00 00 ....,...8...h...
00000000014dfe60 a0 02 00 00 8c 02 00 00 - 8c 02 00 00 8c 02 00 00 ................

*----> Vidage de l'état de la thread 0xca8 <----*

eax=00000000 ebx=00004e20 ecx=00000014 edx=0202f6a4 esi=0202fd68 edi=7e3991c6
eip=7c91e514 esp=0202fcf8 ebp=0202fd14 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\stobject.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0202fd14 76541565 0202fd68 00000000 00000000 ntdll!KiFastSystemCallRet
0202fd8c 7654362e 76540000 00000000 001c028c stobject+0x1565
0202ffb4 7c80b729 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x19e4
0202ffec 00000000 765435df 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000202fcf8 be 91 39 7e f1 91 39 7e - 68 fd 02 02 00 00 00 00 ..9~..9~h.......
000000000202fd08 00 00 00 00 00 00 00 00 - 00 00 00 00 8c fd 02 02 ................
000000000202fd18 65 15 54 76 68 fd 02 02 - 00 00 00 00 00 00 00 00 e.Tvh...........
000000000202fd28 00 00 00 00 00 00 00 00 - 00 00 54 76 00 00 00 00 ..........Tv....
000000000202fd38 30 00 00 00 00 40 00 00 - 21 13 54 76 00 00 00 00 0....@..!.Tv....
000000000202fd48 1e 00 00 00 00 00 54 76 - e9 01 16 00 11 00 01 00 ......Tv........
000000000202fd58 10 00 00 00 00 00 00 00 - dc 30 54 76 00 00 00 00 .........0Tv....
000000000202fd68 c4 01 0c 00 05 04 00 00 - 00 00 00 00 c1 00 00 00 ................
000000000202fd78 a1 e1 3c 00 94 02 00 00 - e6 01 00 00 00 00 00 00 ..<.............
000000000202fd88 00 00 00 00 b4 ff 02 02 - 2e 36 54 76 00 00 54 76 .........6Tv..Tv
000000000202fd98 00 00 00 00 8c 02 1c 00 - 01 00 00 00 00 00 00 00 ................
000000000202fda8 43 00 3a 00 5c 00 57 00 - 49 00 4e 00 44 00 4f 00 C.:.\.W.I.N.D.O.
000000000202fdb8 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00 W.S.\.s.y.s.t.e.
000000000202fdc8 6d 00 33 00 32 00 5c 00 - 73 00 74 00 6f 00 62 00 m.3.2.\.s.t.o.b.
000000000202fdd8 6a 00 65 00 63 00 74 00 - 2e 00 64 00 6c 00 6c 00 j.e.c.t...d.l.l.
000000000202fde8 00 00 81 7c 1b 00 00 00 - 00 02 00 00 fc ff 02 02 ...|............
000000000202fdf8 23 00 00 00 97 e1 b5 ff - 97 e1 b5 ff 96 e0 b4 ff #...............
000000000202fe08 94 e0 b0 ff 94 e0 af ff - 92 df ab ff ba ea c9 ff ................
000000000202fe18 ff ff ff ff ff ff ff ff - ff ff ff ff f1 fb f3 ff ................
000000000202fe28 44 c5 60 ff 17 b7 38 ff - 13 b6 31 ff 12 b5 2e ff D.`...8...1.....

*----> Vidage de l'état de la thread 0xdc4 <----*

eax=72c730e8 ebx=0266fef8 ecx=000000f5 edx=024e12d8 esi=00000000 edi=7ffd5000
eip=7c91e514 esp=0266fed0 ebp=0266ff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
ChildEBP RetAddr Args to Child
0266ff6c 7c80a115 00000002 0266ffa4 00000000 ntdll!KiFastSystemCallRet
0266ff88 72c7312a 00000002 0266ffa4 00000000 kernel32!WaitForMultipleObjects+0x18
0266ffb4 7c80b729 00000000 00000000 00090000 wdmaud!midMessage+0x348
0266ffec 00000000 72c730e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000266fed0 4a df 91 7c 90 95 80 7c - 02 00 00 00 f8 fe 66 02 J..|...|......f.
000000000266fee0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000266fef0 00 00 00 00 00 00 00 00 - b0 05 00 00 a8 05 00 00 ................
000000000266ff00 fc fb a6 b5 1f cb 57 80 - 90 d6 86 e2 ec fb a6 b5 ......W.........
000000000266ff10 00 00 00 00 68 08 f9 86 - 14 00 00 00 01 00 00 00 ....h...........
000000000266ff20 d0 00 4e 02 00 00 00 00 - 00 00 00 00 30 29 c3 86 ..N.........0)..
000000000266ff30 64 29 c3 86 00 53 ed 86 - 00 50 fd 7f 00 e0 fa 7f d)...S...P......
000000000266ff40 30 29 c3 86 00 00 00 00 - f8 fe 66 02 c4 a0 4f 80 0)........f...O.
000000000266ff50 02 00 00 00 ec fe 66 02 - 00 00 00 00 dc ff 66 02 ......f.......f.
000000000266ff60 d8 9a 83 7c 80 96 80 7c - 00 00 00 00 88 ff 66 02 ...|...|......f.
000000000266ff70 15 a1 80 7c 02 00 00 00 - a4 ff 66 02 00 00 00 00 ...|......f.....
000000000266ff80 ff ff ff ff 00 00 00 00 - b4 ff 66 02 2a 31 c7 72 ..........f.*1.r
000000000266ff90 02 00 00 00 a4 ff 66 02 - 00 00 00 00 ff ff ff ff ......f.........
000000000266ffa0 00 00 09 00 b0 05 00 00 - a8 05 00 00 f2 1e 70 80 ..............p.
000000000266ffb0 1a da 91 7c ec ff 66 02 - 29 b7 80 7c 00 00 00 00 ...|..f.)..|....
000000000266ffc0 00 00 00 00 00 00 09 00 - 00 00 00 00 00 e0 fa 7f ................
000000000266ffd0 00 b6 3b 87 c0 ff 66 02 - 58 58 09 87 ff ff ff ff ..;...f.XX......
000000000266ffe0 d8 9a 83 7c 30 b7 80 7c - 00 00 00 00 00 00 00 00 ...|0..|........
000000000266fff0 00 00 00 00 e8 30 c7 72 - 00 00 00 00 00 00 00 00 .....0.r........
0000000002670000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xc48 <----*

eax=0016caa0 ebx=00000000 ecx=0016f794 edx=00000004 esi=000b7b80 edi=000b7c24
eip=7c91e514 esp=026afe18 ebp=026aff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
026aff80 77e56caf 026affa8 77e56ad1 000b7b80 ntdll!KiFastSystemCallRet
026aff88 77e56ad1 000b7b80 00090178 00000000 RPCRT4!I_RpcBCacheFree+0x61c
026affa8 77e56c97 000b7a38 026affec 7c80b729 RPCRT4!I_RpcBCacheFree+0x43e
026affb4 7c80b729 000f6098 00090178 00000000 RPCRT4!I_RpcBCacheFree+0x604
026affec 00000000 77e56c7d 000f6098 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
00000000026afe18 aa da 91 7c e3 65 e5 77 - e8 01 00 00 74 ff 6a 02 ...|.e.w....t.j.
00000000026afe28 00 00 00 00 20 f0 4e 02 - 48 ff 6a 02 83 5e 4f 80 .... .N.H.j..^O.
00000000026afe38 8b 60 58 80 a6 60 58 80 - 64 5d d1 b5 08 fc cf 01 .`X..`X.d]......
00000000026afe48 f3 5f 58 80 03 00 00 00 - 02 22 3c 87 00 00 5e 85 ._X......"<...^.
00000000026afe58 84 24 3c 87 00 23 f2 86 - a8 5b d1 b5 b3 cc 57 80 .$<..#...[....W.
00000000026afe68 a8 23 f2 86 03 00 00 00 - f8 22 3c 87 84 0b 00 00 .#......."<.....
00000000026afe78 0c 00 00 00 e0 64 d4 e2 - 00 00 00 00 00 00 00 00 .....d..........
00000000026afe88 06 02 00 00 9e 9d 4d 80 - 2e 25 4e 80 f0 f9 59 85 ......M..%N...Y.
00000000026afe98 28 5c d1 b5 00 11 70 80 - 90 5b d1 b5 06 11 70 80 (\....p..[....p.
00000000026afea8 1c 22 3c 87 e1 00 00 00 - 28 5c d1 b5 2e 25 4e 80 ."<.....(\...%N.
00000000026afeb8 00 0d db ba 81 98 55 80 - f8 e2 82 e3 c8 8b 05 e1 ......U.........
00000000026afec8 a8 23 f2 86 03 00 1f 00 - f8 22 3c 87 e4 05 00 00 .#......."<.....
00000000026afed8 fc 5b d1 b5 1f cb 57 80 - f8 e2 82 e3 ec 5b d1 b5 .[....W......[..
00000000026afee8 00 00 00 00 81 98 55 80 - 38 f5 df ff 38 65 b2 f7 ......U.8...8e..
00000000026afef8 f0 f9 59 85 20 10 60 85 - 40 f5 df ff 34 ca 4d 80 ..Y. .`.@...4.M.
00000000026aff08 ff ff ff ff 46 02 00 00 - e8 c7 4d 80 28 5c d1 b5 ....F.....M.(\..
00000000026aff18 00 00 00 00 f0 f9 59 85 - 8c fb 59 85 2f c5 4d 80 ......Y...Y./.M.
00000000026aff28 5c fb 59 85 80 ff 6a 02 - ae df e5 77 48 ff 6a 02 \.Y...j....wH.j.
00000000026aff38 be df e5 77 e0 10 91 7c - 98 9f 0f 00 98 60 0f 00 ...w...|.....`..
00000000026aff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Vidage de l'état de la thread 0xcf8 <----*

eax=77dc848a ebx=0145fed0 ecx=00e9dde8 edx=006f0068 esi=00000000 edi=7ffd5000
eip=7c91e514 esp=0145fea8 ebp=0145ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0145ff44 77dc8631 00000002 0145ff6c 00000000 ntdll!KiFastSystemCallRet
0145ffb4 7c80b729 00000000 00380000 00000000 ADVAPI32!WmiFreeBuffer+0x24e
0145ffec 00000000 77dc848a 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000145fea8 4a df 91 7c 90 95 80 7c - 02 00 00 00 d0 fe 45 01 J..|...|......E.
000000000145feb8 01 00 00 00 01 00 00 00 - 04 ff 45 01 e8 3e 86 00 ..........E..>..
000000000145fec8 60 66 e1 77 00 10 00 00 - 7c 00 00 00 88 00 00 00 `f.w....|.......
000000000145fed8 c0 fe 45 01 60 66 e1 77 - dc ff 45 01 d8 9a 83 7c ..E.`f.w..E....|
000000000145fee8 50 0b 81 7c 00 10 00 00 - 14 00 00 00 01 00 00 00 P..|............
000000000145fef8 00 00 00 00 00 00 00 00 - 10 00 00 00 00 a2 2f 4d ............../M
000000000145ff08 ff ff ff ff 00 10 00 00 - 00 50 fd 7f 00 40 fd 7f .........P...@..
000000000145ff18 dc ff 45 01 04 ff 45 01 - d0 fe 45 01 06 00 00 00 ..E...E...E.....
000000000145ff28 02 00 00 00 c4 fe 45 01 - 06 00 00 00 dc ff 45 01 ......E.......E.
000000000145ff38 d8 9a 83 7c 80 96 80 7c - 00 00 00 00 b4 ff 45 01 ...|...|......E.
000000000145ff48 31 86 dc 77 02 00 00 00 - 6c ff 45 01 00 00 00 00 1..w....l.E.....
000000000145ff58 e0 93 04 00 01 00 00 00 - 00 00 38 00 00 00 00 00 ..........8.....
000000000145ff68 00 00 00 00 7c 00 00 00 - 88 00 00 00 00 10 00 00 ....|...........
000000000145ff78 e8 3e 86 00 00 00 00 00 - 00 10 00 00 e0 2e 86 00 .>..............
000000000145ff88 00 67 e1 77 98 00 00 00 - e0 66 e1 77 00 10 00 00 .g.w.....f.w....
000000000145ff98 00 00 00 00 00 67 e1 77 - e8 3e 86 00 e0 66 e1 77 .....g.w.>...f.w
000000000145ffa8 e5 03 00 00 00 10 00 00 - e0 2e 86 00 ec ff 45 01 ..............E.
000000000145ffb8 29 b7 80 7c 00 00 00 00 - 00 00 38 00 00 00 00 00 )..|......8.....
000000000145ffc8 00 00 00 00 00 40 fd 7f - 00 b6 3b 87 c0 ff 45 01 .....@....;...E.
000000000145ffd8 a8 61 23 85 ff ff ff ff - d8 9a 83 7c 30 b7 80 7c .a#........|0..|

*----> Vidage de l'état de la thread 0xbe4 <----*

eax=774be43b ebx=00007530 ecx=0330f938 edx=00090000 esi=00000000 edi=0355ff50
eip=7c91e514 esp=0355ff20 ebp=0355ff78 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
0355ff78 7c802455 0000ea60 00000000 0355ffb4 ntdll!KiFastSystemCallRet
0355ff88 774be32f 0000ea60 02513e40 774be3ee kernel32!Sleep+0xf
0355ffb4 7c80b729 02513e40 00090188 00000010 ole32!StringFromGUID2+0x51d
0355ffec 00000000 774be43b 02513e40 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000355ff20 1a d2 91 7c f1 23 80 7c - 00 00 00 00 50 ff 55 03 ...|.#.|....P.U.
000000000355ff30 50 25 80 7c f8 6d 5c 77 - 30 75 00 00 14 00 00 00 P%.|.m\w0u......
000000000355ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
000000000355ff50 00 ba 3c dc ff ff ff ff - e4 fe 55 03 50 ff 55 03 ..<.......U.P.U.
000000000355ff60 30 ff 55 03 e4 fe 55 03 - dc ff 55 03 d8 9a 83 7c 0.U...U...U....|
000000000355ff70 60 24 80 7c 00 00 00 00 - 88 ff 55 03 55 24 80 7c `$.|......U.U$.|
000000000355ff80 60 ea 00 00 00 00 00 00 - b4 ff 55 03 2f e3 4b 77 `.........U./.Kw
000000000355ff90 60 ea 00 00 40 3e 51 02 - ee e3 4b 77 00 00 00 00 `...@>Q...Kw....
000000000355ffa0 88 01 09 00 40 3e 51 02 - 00 00 4a 77 56 e4 4b 77 ....@>Q...JwV.Kw
000000000355ffb0 10 00 00 00 ec ff 55 03 - 29 b7 80 7c 40 3e 51 02 ......U.)..|@>Q.
000000000355ffc0 88 01 09 00 10 00 00 00 - 40 3e 51 02 00 c0 fa 7f ........@>Q.....
000000000355ffd0 00 d6 3b 87 c0 ff 55 03 - d8 fe 22 85 ff ff ff ff ..;...U...".....
000000000355ffe0 d8 9a 83 7c 30 b7 80 7c - 00 00 00 00 00 00 00 00 ...|0..|........
000000000355fff0 00 00 00 00 3b e4 4b 77 - 40 3e 51 02 00 00 00 00 ....;.Kw@>Q.....
0000000003560000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003560010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003560020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003560030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003560040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003560050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xa2c <----*

eax=00000000 ebx=00000880 ecx=0359fd78 edx=7c91e514 esi=0359ff98 edi=7e3a772b
eip=7c91e514 esp=0359ff54 ebp=0359ff78 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0359ff78 76ae4e31 0359ff98 00000000 00000000 ntdll!KiFastSystemCallRet
0359ffb4 7c80b729 00000880 00000200 0000002b WINMM!PlaySoundW+0x7e2
0359ffec 00000000 76ae4dca 00000880 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
000000000359ff54 be 91 39 7e 6b 77 3a 7e - 98 ff 59 03 00 00 00 00 ..9~kw:~..Y.....
000000000359ff64 00 00 00 00 00 00 00 00 - 80 08 00 00 2b 77 3a 7e ............+w:~
000000000359ff74 00 00 00 00 b4 ff 59 03 - 31 4e ae 76 98 ff 59 03 ......Y.1N.v..Y.
000000000359ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00 ................
000000000359ff94 2b 00 00 00 c6 01 16 00 - bc 03 00 00 f0 0c 0d 00 +...............
000000000359ffa4 00 00 00 00 48 c7 3b 00 - 30 00 00 00 47 00 00 00 ....H.;.0...G...
000000000359ffb4 ec ff 59 03 29 b7 80 7c - 80 08 00 00 00 02 00 00 ..Y.)..|........
000000000359ffc4 2b 00 00 00 80 08 00 00 - 00 d0 fa 7f 00 d6 3b 87 +.............;.
000000000359ffd4 c0 ff 59 03 08 d5 1c 85 - ff ff ff ff d8 9a 83 7c ..Y............|
000000000359ffe4 30 b7 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 0..|............
000000000359fff4 ca 4d ae 76 80 08 00 00 - 00 00 00 00 00 00 00 00 .M.v............
00000000035a0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000035a0084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xd20 <----*

eax=00000102 ebx=00000000 ecx=036cff70 edx=7c91e514 esi=7c98e420 edi=7c98e440
eip=7c91e514 esp=036cff70 ebp=036cffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
036cffb4 7c80b729 00000000 00e9d18c 00e9d18c ntdll!KiFastSystemCallRet
036cffec 00000000 7c920250 00000000 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
00000000036cff70 4a da 91 7c 8d 02 92 7c - 30 02 00 00 ac ff 6c 03 J..|...|0.....l.
00000000036cff80 b0 ff 6c 03 98 ff 6c 03 - a0 ff 6c 03 8c d1 e9 00 ..l...l...l.....
00000000036cff90 8c d1 e9 00 00 00 00 00 - 00 00 00 00 c8 b7 0c 00 ................
00000000036cffa0 00 7c 28 e8 ff ff ff ff - a0 ec 02 b5 e9 7a 93 7c .|(..........z.|
00000000036cffb0 70 2e 16 00 ec ff 6c 03 - 29 b7 80 7c 00 00 00 00 p.....l.)..|....
00000000036cffc0 8c d1 e9 00 8c d1 e9 00 - 00 00 00 00 00 90 fa 7f ................
00000000036cffd0 00 b6 3b 87 c0 ff 6c 03 - 30 4e 44 85 ff ff ff ff ..;...l.0ND.....
00000000036cffe0 d8 9a 83 7c 30 b7 80 7c - 00 00 00 00 00 00 00 00 ...|0..|........
00000000036cfff0 00 00 00 00 50 02 92 7c - 00 00 00 00 00 00 00 00 ....P..|........
00000000036d0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d0090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000036d00a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xdd0 <----*

eax=00000000 ebx=000c00a2 ecx=7e39882a edx=7c91e514 esi=03365194 edi=75f34580
eip=278746f3 esp=02f5fb50 ebp=02f5fb5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

fonction : <nosymbols>
No prior disassembly possible
278746f3 ?? ???
278746f5 ?? ???
278746f7 ?? ???
278746f9 ?? ???
278746fb ?? ???
278746fd ?? ???
278746ff ?? ???
27874701 ?? ???
27874703 ?? ???
FAUTE ->278746f3 ?? ???
Error 0x00000001
278746f5 ?? ???
278746f7 ?? ???
278746f9 ?? ???
278746fb ?? ???
278746fd ?? ???
278746ff ?? ???
27874701 ?? ???
27874703 ?? ???
27874705 ?? ???
27874707 ?? ???

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\BROWSEUI.dll -
ChildEBP RetAddr Args to Child
02f5fb4c 02f5fbc8 03020000 00000000 02f5fb8c 0x278746f3
02f5fb5c 7e398734 03365194 000c00a2 00000002 0x2f5fbc8
02f5fb8c 7e398816 03020000 000c00a2 00000002 USER32!GetDC+0x6d
02f5fbf4 7e3a8ea0 00000000 03020000 000c00a2 USER32!GetDC+0x14f
02f5fc48 7e3a8eec 005ae7f0 00000002 00000000 USER32!DefWindowProcW+0x180
02f5fc70 7c91e473 02f5fc80 00000018 005ae7f0 USER32!DefWindowProcW+0x1cc
02f5fcc0 75f351df 00000000 0007e0b8 00000000 ntdll!KiUserCallbackDispatcher+0x13
02f5ff20 75f35389 00188e88 0007e0b8 774bd9dd BROWSEUI!Ordinal138+0x791f
02f5ffb4 7c80b729 00188e88 0007e0b8 774bd9dd BROWSEUI!Ordinal138+0x7ac9
02f5ffec 00000000 75f35339 00188e88 00000000 kernel32!GetModuleFileNameA+0x1ba

*----> Vidage brut de la pile <----*
0000000002f5fb50 c8 fb f5 02 00 00 02 03 - 00 00 00 00 8c fb f5 02 ................
0000000002f5fb60 34 87 39 7e 94 51 36 03 - a2 00 0c 00 02 00 00 00 4.9~.Q6.........
0000000002f5fb70 00 00 00 00 00 00 00 00 - 00 00 02 03 cd ab ba dc ................
0000000002f5fb80 00 00 00 00 c8 fb f5 02 - 00 00 02 03 f4 fb f5 02 ................
0000000002f5fb90 16 88 39 7e 00 00 02 03 - a2 00 0c 00 02 00 00 00 ..9~............
0000000002f5fba0 00 00 00 00 00 00 00 00 - 00 00 00 00 a2 00 0c 00 ................
0000000002f5fbb0 00 00 00 00 14 00 00 00 - 01 00 00 00 00 00 00 00 ................
0000000002f5fbc0 00 00 00 00 10 00 00 00 - 00 00 00 00 20 fc f5 02 ............ ...
0000000002f5fbd0 01 00 00 00 00 00 00 00 - 00 00 00 00 a8 fb f5 02 ................
0000000002f5fbe0 74 f7 f5 02 38 fc f5 02 - 8f 04 3c 7e 30 88 39 7e t...8.....<~0.9~
0000000002f5fbf0 00 00 00 00 48 fc f5 02 - a0 8e 3a 7e 00 00 00 00 ....H.....:~....
0000000002f5fc00 00 00 02 03 a2 00 0c 00 - 02 00 00 00 00 00 00 00 ................
0000000002f5fc10 00 00 00 00 04 e8 5a 00 - 01 00 00 00 dc 23 14 00 ......Z......#..
0000000002f5fc20 a2 00 0c 00 00 00 00 00 - b0 8e 3a 7e 00 00 00 00 ..........:~....
0000000002f5fc30 1c fc f5 02 74 f7 f5 02 - a4 ff f5 02 8f 04 3c 7e ....t.........<~
0000000002f5fc40 b0 8e 3a 7e ff ff ff ff - 70 fc f5 02 ec 8e 3a 7e ..:~....p.....:~
0000000002f5fc50 f0 e7 5a 00 02 00 00 00 - 00 00 00 00 00 00 00 00 ..Z.............
0000000002f5fc60 00 00 02 03 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000002f5fc70 c0 fc f5 02 73 e4 91 7c - 80 fc f5 02 18 00 00 00 ....s..|........
0000000002f5fc80 f0 e7 5a 00 02 00 00 00 - 00 00 00 00 00 00 00 00 ..Z.............

*----> Vidage de l'état de la thread 0x9f8 <----*

eax=00000000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c91e514 esp=00ddffe8 ebp=00000000 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

fonction : ntdll!KiFastSystemCallRet
7c91e4fa e829000000 call ntdll!RtlRaiseException (7c91e528)
7c91e4ff 8b0424 mov eax,[esp]
7c91e502 8be5 mov esp,ebp
7c91e504 5d pop ebp
7c91e505 c3 ret
7c91e506 8da42400000000 lea esp,[esp]
7c91e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c91e510 8bd4 mov edx,esp
7c91e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
7c91e515 8da42400000000 lea esp,[esp]
7c91e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c91e520 8d542408 lea edx,[esp+0x8]
7c91e524 cd2e int 2e
7c91e526 c3 ret
7c91e527 90 nop
ntdll!RtlRaiseException:
7c91e528 55 push ebp
7c91e529 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00000000 00000000 00000000 00000000 00000000 ntdll!KiFastSystemCallRet

*----> Vidage brut de la pile <----*
0000000000ddffe8 ba 84 39 7e f1 16 3b 7e - 01 00 00 00 22 00 00 00 ..9~..;~...."...
0000000000ddfff8 00 00 00 00 00 00 00 00 - 08 00 00 00 00 20 00 00 ............. ..
0000000000de0008 00 00 00 00 ff ff ff ff - 40 1f 00 00 01 00 00 00 ........@.......
0000000000de0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000de0028 58 00 00 00 58 00 00 00 - a0 e1 db 57 25 de d2 11 X...X......W%...
0000000000de0038 af dd 00 10 5a 27 99 b5 - 03 00 00 00

Autres pages sur : rapport watson

Lassé par la pub ? Créez un compte

Bonjour CJPierre,

À fin de tester savoir si le problème est lié à windows en général ou seulement à un processus actif de ton profil utilisateur, Je testerais avec un autre profil Windows.

Tu peux tester aussi en désactivant les programmes via la commande MSCONFIG
et trouver quel processus plante.

208508,4,643280 a dit :
Hello,

on va commencer par le début : depuis quand ces problèmes sont apparus ? Serait-ce concomitant avec une autre manip : installation nouveau programme, nouveau périphérique, panne de courant, visite d'un site particulièrement louche, téléchargement d'une connerie, etc.


bonjour,

je ne sais pas trop depuis combien de temps ,le problême n'apparait pas pour ma session mais sur les autres.a l'origine j'ai eu de virus et sur le site on m'a bien aidé je n'ai plus de problème de virus (apparement tout est ok).j'ai desinstalle des programmes et installer les logiciels demandes (ccleaner malwarybe combofix hitjacthis).j'ai eu egalement des problèmes avec un programme GUITAR PRO (non officiel)qui me bloquait l'antivirus et le programme de desinstall ne marchait pas .j'ai supprimer les fichiers qui bloquaient manuellement mais ce n'etait pas des fichiers prgramme (archive rar ).
je ne vois pas quoi rajouter de plus les autres motifs n'etant pas à exclure.

cordialement

jpierre


donadeau a dit :
Bonjour CJPierre,

À fin de tester savoir si le problème est lié à windows en général ou seulement à un processus actif de ton profil utilisateur, Je testerais avec un autre profil Windows.

Tu peux tester aussi en désactivant les programmes via la commande MSCONFIG
et trouver quel processus plante.

oui j'ai un profil qui apparement ne plante pas comment trouver le processus qui plante et une fois trouve que faire

@+
jpierre

Bonjour JPierre,

Vu que le problème ne survient pas sur ta session, compare les processus actifs dans
ta session avec les autres session utilisateurs. Et tu verras lequel te cause problème.

Sinon tu peux simplement faire un backup des sessions ayants le problème, les
supprimées et les recrées.

Bonne journée,

donadeau a dit :
Bonjour JPierre,

Vu que le problème ne survient pas sur ta session, compare les processus actifs dans
ta session avec les autres session utilisateurs. Et tu verras lequel te cause problèmE

Sinon tu peux simplement faire un backup des sessions ayants le problème, les
supprimées et les recrées.

Bonne journée,


BONJOUR

ETANT DEBUTANT JE SAIS PAS COMMENT COMPARER LES PROCESSUS ACTIF (par le gestionnaire de tache?) et comment reconnaitre celui qui pose problème.
idem pour créer des backup les effacer et recréer.
désole de mon inculture mais je commence seulement à vouloir résoudre les problèmes via ce forum.quel est le mode d'emploi du logiciel que tu m'indique pour voir les processus defectueux.
cdlt
jean-pierre

Bonjour Jean-Pierre,

(voici la méthode sans le logiciel processXP)

De ta session problématique ;

fais un clic de droite sur la barre des tâches.
Choisi "Gestionnaire des tâches"
ensuite l'onglet Processus.

Prends note de tout les processus et compare avec ta session qui fonctionne bien.

Une fois que tu as trouver les processus fautifs,
recherche sur le web le nom des processus pour voir si ce sont des virus/spywares, etc.
Tu trouveras les méthodes de dé-installation aussi.
=========================================================
Avec processXP c'est très simple.
Télécharge le
double clic sur processxp
une liste complete apprait de tout les les processus en mémoire.
compare les processus entre ta session qui fonctionne et celle en problème.


Avec processXP c'est très simple.
Télécharge le
double clic sur processxp
une liste complete apprait de tout les les processus en mémoire.
compare les processus entre ta session qui fonctionne et celle en problème.[/quotemsg]



bonjour,
je me remets sur le problème j'ai téléchargé process explorer maisilest en anglais est il possible de le telecharger en francais
merci cdlt
jpierre
Lassé par la pub ? Créez un compte

Créer un nouveau sujet