Aller au contenu

[XP] explorer de windows xp sp3 qui plante


d2r2280

Messages recommandés

Bonjour a tous,

J'ai un petit souci fort désagréable.

Depuis que j'ai installé le sp3 de windows XP, j'ai explorer qui plante sans raison apparente. Par exemple lorsque je navigue dans le poste de travail ou tout autre programme.

Explorer plante de manière aléatoire et Dr Watson génère un journal d'erreur que je vous met a disposition.

Une exception d'application s'est produite :

App : C:\WINDOWS\Explorer.EXE (pid=1768)

Lorsque : 03/08/2008 @ 09:26:47.875

Numéro d'exception : c0000005 (violation d'accès)

*----> Liste des tâches <----*

0 System Process

4 System

388 smss.exe

448 csrss.exe

472 winlogon.exe

516 services.exe

528 lsass.exe

692 svchost.exe

760 svchost.exe

800 svchost.exe

844 svchost.exe

880 svchost.exe

908 spoolsv.exe

1036 RunSC.exe

1056 PCtl.exe

1060 nvsvc32.exe

1164 svchost.exe

1192 Error 0xD0000022

1236 Error 0xD0000022

1288 BIL.EXE

1344 Error 0xD0000022

1352 CILRS232.EXE

1380 CILUSB.EXE

1768 Explorer.EXE

1784 Error 0xD0000022

1880 alg.exe

172 SOUNDMAN.EXE

208 HPWuSchd2.exe

332 rundll32.exe

348 bdagent.exe

408 RUNDLL32.EXE

132 ctfmon.exe

700 SuperCopier2.exe

1124 hpqtra08.exe

2152 hpqSTE08.exe

2248 wuauclt.exe

2332 wmiprvse.exe

2708 HelpSvc.exe

3116 drwtsn32.exe

Voilà. Est ce que quelqu'un a connu un tel souci ?

Merci.

Lien vers le commentaire
Partager sur d’autres sites

Voici quelques précisions.

Le problème est survenu quelques semaines après l'installation du sp3.

explorer.exe plante dès que je sollicite l'explorateur ou tout autre logiciels.

Voici en plus détaillées, toutes les infos du journal d'erreur.

Une exception d'application s'est produite :

App : C:\WINDOWS\Explorer.EXE (pid=1768)

Lorsque : 03/08/2008 @ 09:26:47.875

Numéro d'exception : c0000005 (violation d'accès)

*----> Liste des tâches <----*

0 System Process

4 System

388 smss.exe

448 csrss.exe

472 winlogon.exe

516 services.exe

528 lsass.exe

692 svchost.exe

760 svchost.exe

800 svchost.exe

844 svchost.exe

880 svchost.exe

908 spoolsv.exe

1036 RunSC.exe

1056 PCtl.exe

1060 nvsvc32.exe

1164 svchost.exe

1192 Error 0xD0000022

1236 Error 0xD0000022

1288 BIL.EXE

1344 Error 0xD0000022

1352 CILRS232.EXE

1380 CILUSB.EXE

1768 Explorer.EXE

1784 Error 0xD0000022

1880 alg.exe

172 SOUNDMAN.EXE

208 HPWuSchd2.exe

332 rundll32.exe

348 bdagent.exe

408 RUNDLL32.EXE

132 ctfmon.exe

700 SuperCopier2.exe

1124 hpqtra08.exe

2152 hpqSTE08.exe

2248 wuauclt.exe

2332 wmiprvse.exe

2708 HelpSvc.exe

3116 drwtsn32.exe

*----> Liste des modules <----*

(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll

(0000000000cb0000 - 0000000000d0b000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

(0000000000d70000 - 0000000000dbc000: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

(0000000001000000 - 0000000001100000: C:\WINDOWS\Explorer.EXE

(0000000001480000 - 000000000175a000: C:\WINDOWS\system32\xpsp2res.dll

(0000000001850000 - 0000000001877000: C:\BitDefender\BitDefender 2008\bdshelxt.dll

(0000000001f40000 - 0000000001f53000: C:\BitDefender\BitDefender 2008\bdutils.dll

(0000000002490000 - 00000000024a6000: C:\BitDefender\BitDefender 2008\txmlx.dll

(00000000025a0000 - 00000000025b9000: C:\SuperCopier2\SC2Hook.dll

(0000000002850000 - 00000000028a0000: C:\WINDOWS\system32\NVWRSFR.DLL

(0000000003220000 - 0000000003235000: C:\WINDOWS\system32\nvwddi.dll

(0000000007320000 - 0000000007338000: C:\PROGRA~1\WINDOW~2\wmpband.dll

(0000000010000000 - 0000000010171000: C:\WINDOWS\system32\nview.dll

(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\PortableDeviceApi.dll

(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\PortableDeviceTypes.dll

(0000000016200000 - 0000000016206000: C:\WinZip\wzshlstb.dll

(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\WPDShServiceObj.dll

(000000001f840000 - 000000001f858000: C:\WINDOWS\system32\odbcint.dll

(00000000200e0000 - 00000000200ee000: C:\WINDOWS\system32\eappprxy.dll

(0000000043e00000 - 0000000043e45000: C:\WINDOWS\system32\iertutil.dll

(0000000044080000 - 0000000044150000: C:\WINDOWS\system32\WININET.dll

(0000000044160000 - 0000000044287000: C:\WINDOWS\system32\urlmon.dll

(00000000442b0000 - 00000000442ec000: C:\WINDOWS\system32\webcheck.dll

(0000000044360000 - 000000004492d000: C:\WINDOWS\system32\ieframe.dll

(000000004d5e0000 - 000000004d639000: C:\WINDOWS\system32\WINHTTP.dll

(000000004eb80000 - 000000004ed26000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

(0000000051980000 - 000000005198c000: C:\DVDREG~1\DVDShell.dll

(0000000058b50000 - 0000000058bea000: C:\WINDOWS\system32\comctl32.dll

(00000000595b0000 - 000000005977a000: C:\WINDOWS\AppPatch\AcGenral.DLL

(000000005b090000 - 000000005b0c8000: C:\WINDOWS\system32\UxTheme.dll

(000000005b660000 - 000000005b66a000: C:\WINDOWS\system32\dot3api.dll

(000000005b950000 - 000000005b9c3000: C:\WINDOWS\system32\themeui.dll

(000000005cea0000 - 000000005cec6000: C:\WINDOWS\system32\ShimEng.dll

(000000005ffb0000 - 000000005ffe3000: C:\WINDOWS\system32\msutb.dll

(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll

(000000006c650000 - 000000006c69d000: C:\WINDOWS\system32\DUSER.dll

(000000006da60000 - 000000006da82000: C:\WINDOWS\system32\eappcfg.dll

(000000006fee0000 - 000000006ff35000: C:\WINDOWS\system32\NETAPI32.dll

(0000000071600000 - 0000000071613000: C:\WINDOWS\system32\browselc.dll

(0000000071800000 - 000000007188e000: C:\WINDOWS\system32\shdoclc.dll

(00000000719e0000 - 00000000719e8000: C:\WINDOWS\system32\WS2HELP.dll

(00000000719f0000 - 0000000071a07000: C:\WINDOWS\system32\WS2_32.dll

(0000000071a60000 - 0000000071a72000: C:\WINDOWS\system32\MPR.dll

(0000000071b50000 - 0000000071b63000: C:\WINDOWS\system32\SAMLIB.dll

(0000000071b70000 - 0000000071b7e000: C:\WINDOWS\System32\ntlanman.dll

(0000000071be0000 - 0000000071be7000: C:\WINDOWS\System32\NETRAP.dll

(0000000071bf0000 - 0000000071c30000: C:\WINDOWS\System32\NETUI1.dll

(0000000071c30000 - 0000000071c47000: C:\WINDOWS\System32\NETUI0.dll

(0000000071ca0000 - 0000000071cbb000: C:\WINDOWS\system32\actxprxy.dll

(0000000071d10000 - 0000000071d42000: C:\WINDOWS\system32\syncui.dll

(0000000072380000 - 000000007239a000: C:\WINDOWS\system32\mydocs.dll

(0000000072640000 - 0000000072646000: C:\WINDOWS\system32\dot3dlg.dll

(0000000072c60000 - 0000000072c68000: C:\WINDOWS\system32\msacm32.drv

(0000000072c70000 - 0000000072c79000: C:\WINDOWS\system32\wdmaud.drv

(0000000072f50000 - 0000000072f76000: C:\WINDOWS\system32\WINSPOOL.DRV

(0000000073990000 - 00000000739b8000: C:\WINDOWS\system32\OneX.DLL

(0000000073a80000 - 0000000073a95000: C:\WINDOWS\system32\mscms.dll

(0000000073af0000 - 0000000073b04000: C:\WINDOWS\system32\sti.dll

(0000000074690000 - 00000000746dc000: C:\WINDOWS\system32\MSCTF.dll

(0000000074730000 - 000000007476d000: C:\WINDOWS\system32\ODBC32.dll

(0000000074a40000 - 0000000074a48000: C:\WINDOWS\system32\POWRPROF.dll

(0000000074a50000 - 0000000074a57000: C:\WINDOWS\system32\CFGMGR32.dll

(0000000074a60000 - 0000000074a6a000: C:\WINDOWS\system32\BatMeter.dll

(0000000075140000 - 000000007516e000: C:\WINDOWS\system32\msctfime.ime

(0000000075900000 - 00000000759fa000: C:\WINDOWS\system32\MSGINA.dll

(0000000075d30000 - 0000000075dc1000: C:\WINDOWS\system32\MLANG.dll

(0000000075ef0000 - 0000000075ef7000: C:\WINDOWS\System32\drprov.dll

(0000000075f00000 - 0000000075f0a000: C:\WINDOWS\System32\davclnt.dll

(0000000075f10000 - 000000007600d000: C:\WINDOWS\system32\BROWSEUI.dll

(0000000076010000 - 0000000076075000: C:\WINDOWS\system32\MSVCP60.dll

(00000000762f0000 - 0000000076300000: C:\WINDOWS\system32\WINSTA.dll

(0000000076310000 - 0000000076315000: C:\WINDOWS\system32\MSIMG32.dll

(0000000076320000 - 000000007633d000: C:\WINDOWS\system32\IMM32.DLL

(0000000076340000 - 000000007638a000: C:\WINDOWS\system32\comdlg32.dll

(0000000076390000 - 0000000076539000: C:\WINDOWS\system32\NETSHELL.dll

(0000000076540000 - 0000000076561000: C:\WINDOWS\system32\stobject.dll

(0000000076590000 - 00000000765ad000: C:\WINDOWS\System32\CSCDLL.dll

(00000000765b0000 - 0000000076606000: C:\WINDOWS\System32\cscui.dll

(0000000076610000 - 0000000076694000: C:\WINDOWS\system32\CRYPTUI.dll

(0000000076720000 - 0000000076729000: C:\WINDOWS\system32\SHFOLDER.dll

(0000000076920000 - 0000000076928000: C:\WINDOWS\system32\LINKINFO.dll

(0000000076930000 - 0000000076956000: C:\WINDOWS\system32\ntshrui.dll

(0000000076960000 - 0000000076a16000: C:\WINDOWS\system32\USERENV.dll

(0000000076ac0000 - 0000000076ad1000: C:\WINDOWS\system32\ATL.DLL

(0000000076ae0000 - 0000000076b0f000: C:\WINDOWS\system32\WINMM.dll

(0000000076ba0000 - 0000000076bab000: C:\WINDOWS\system32\PSAPI.DLL

(0000000076bb0000 - 0000000076bdf000: C:\WINDOWS\system32\credui.dll

(0000000076be0000 - 0000000076c0e000: C:\WINDOWS\system32\WINTRUST.dll

(0000000076c40000 - 0000000076c68000: C:\WINDOWS\system32\IMAGEHLP.dll

(0000000076d10000 - 0000000076d29000: C:\WINDOWS\system32\iphlpapi.dll

(0000000076e30000 - 0000000076e3e000: C:\WINDOWS\system32\rtutils.dll

(0000000076f00000 - 0000000076f08000: C:\WINDOWS\system32\WTSAPI32.dll

(0000000076f10000 - 0000000076f3d000: C:\WINDOWS\system32\WLDAP32.dll

(0000000076f80000 - 0000000076fff000: C:\WINDOWS\system32\CLBCATQ.DLL

(0000000077000000 - 00000000770d4000: C:\WINDOWS\system32\COMRes.dll

(00000000770e0000 - 000000007716b000: C:\WINDOWS\system32\OLEAUT32.dll

(0000000077210000 - 00000000772c1000: C:\WINDOWS\system32\SXS.DLL

(0000000077390000 - 0000000077493000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

(00000000774a0000 - 00000000775dd000: C:\WINDOWS\system32\ole32.dll

(0000000077650000 - 0000000077671000: C:\WINDOWS\system32\NTMARTA.DLL

(00000000778e0000 - 00000000779d8000: C:\WINDOWS\system32\SETUPAPI.dll

(00000000779e0000 - 0000000077a77000: C:\WINDOWS\system32\CRYPT32.dll

(0000000077a80000 - 0000000077a92000: C:\WINDOWS\system32\MSASN1.dll

(0000000077b50000 - 0000000077b72000: C:\WINDOWS\system32\apphelp.dll

(0000000077ba0000 - 0000000077ba7000: C:\WINDOWS\system32\midimap.dll

(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll

(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll

(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll

(0000000077da0000 - 0000000077e4c000: C:\WINDOWS\system32\ADVAPI32.dll

(0000000077e50000 - 0000000077ee2000: C:\WINDOWS\system32\RPCRT4.dll

(0000000077ef0000 - 0000000077f39000: C:\WINDOWS\system32\GDI32.dll

(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll

(0000000077fc0000 - 0000000077fd1000: C:\WINDOWS\system32\Secur32.dll

(0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

(0000000078800000 - 000000007895c000: C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll

(000000007c420000 - 000000007c4a7000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll

(000000007c800000 - 000000007c906000: C:\WINDOWS\system32\kernel32.dll

(000000007c910000 - 000000007c9c6000: C:\WINDOWS\system32\ntdll.dll

(000000007c9d0000 - 000000007d1f5000: C:\WINDOWS\system32\SHELL32.dll

(000000007d200000 - 000000007d4bc000: C:\WINDOWS\system32\msi.dll

(000000007e210000 - 000000007e381000: C:\WINDOWS\system32\SHDOCVW.dll

(000000007e390000 - 000000007e421000: C:\WINDOWS\system32\USER32.dll

*----> Vidage de l'état de la thread 0x6f4 <----*

eax=0007fcb4 ebx=00000003 ecx=00000000 edx=7c91e4f4 esi=001042e0 edi=00000000

eip=7c91e4f4 esp=0007fef0 ebp=0007ff08 iopl=0 nv up ei pl nz na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHELL32.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\Explorer.EXE

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -

ChildEBP RetAddr Args to Child

0007ff08 7ca1d034 00000000 0007ff5c 01013256 ntdll!KiFastSystemCallRet

0007ff14 01013256 001042e0 7ffd5000 0007ffc0 SHELL32!Ordinal201+0x28

0007ff5c 0101a5c7 00000000 00000000 0002064e Explorer+0x13256

0007ffc0 7c817067 00000010 000810a0 7ffd5000 Explorer+0x1a5c7

0007fff0 00000000 0101a55f 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Vidage brut de la pile <----*

000000000007fef0 18 94 39 7e 80 4a a0 7c - 2e 93 80 7c e0 42 10 00 ..9~.J.|...|.B..

000000000007ff00 e0 42 10 00 14 ff 07 00 - 14 ff 07 00 34 d0 a1 7c .B..........4..|

000000000007ff10 00 00 00 00 5c ff 07 00 - 56 32 01 01 e0 42 10 00 ....\...V2...B..

000000000007ff20 00 50 fd 7f c0 ff 07 00 - 00 00 00 00 24 fd 07 00 .P..........$...

000000000007ff30 50 ff 07 00 e0 ff 07 00 - ec d7 91 7c f5 ac 80 7c P..........|...|

000000000007ff40 ff ff ff ff 0c 00 00 00 - 00 00 00 00 e3 86 00 00 ................

000000000007ff50 d8 00 00 00 01 00 00 00 - e0 42 10 00 c0 ff 07 00 .........B......

000000000007ff60 c7 a5 01 01 00 00 00 00 - 00 00 00 00 4e 06 02 00 ............N...

000000000007ff70 01 00 00 00 10 00 00 00 - a0 10 08 00 44 00 00 00 ............D...

000000000007ff80 a0 06 02 00 80 06 02 00 - 50 06 02 00 00 00 00 00 ........P.......

000000000007ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 24 00 02 00 ............$...

000000000007ffa0 cc f0 07 00 02 00 00 00 - 01 00 00 00 01 00 00 00 ................

000000000007ffb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000007ffc0 f0 ff 07 00 67 70 81 7c - 10 00 00 00 a0 10 08 00 ....gp.|........

000000000007ffd0 00 50 fd 7f ed b6 54 80 - c8 ff 07 00 a8 ad 18 86 .P....T.........

000000000007ffe0 ff ff ff ff c0 9a 83 7c - 70 70 81 7c 00 00 00 00 .......|pp.|....

000000000007fff0 00 00 00 00 00 00 00 00 - 5f a5 01 01 00 00 00 00 ........_.......

0000000000080000 41 63 74 78 20 00 00 00 - 01 00 00 00 98 24 00 00 Actx ........$..

0000000000080010 c4 00 00 00 00 00 00 00 - 20 00 00 00 00 00 00 00 ........ .......

0000000000080020 14 00 00 00 01 00 00 00 - 06 00 00 00 34 00 00 00 ............4...

*----> Vidage de l'état de la thread 0x718 <----*

eax=00865eb4 ebx=0099fed0 ecx=7ffde000 edx=77e16660 esi=00000000 edi=7ffd5000

eip=7c91e4f4 esp=0099fea8 ebp=0099ff44 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0099ff44 77dc8601 00000002 0099ff6c 00000000 ntdll!KiFastSystemCallRet

0099ffb4 7c80b713 00000000 7c92428f 00000000 ADVAPI32!WmiFreeBuffer+0x24e

0099ffec 00000000 77dc845a 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

000000000099fea8 2c df 91 7c 74 95 80 7c - 02 00 00 00 d0 fe 99 00 ,..|t..|........

000000000099feb8 01 00 00 00 01 00 00 00 - 04 ff 99 00 e8 3e 86 00 .............>..

000000000099fec8 60 66 e1 77 00 10 00 00 - 60 00 00 00 68 00 00 00 `f.w....`...h...

000000000099fed8 c0 fe 99 00 e8 17 00 00 - dc ff 99 00 c0 9a 83 7c ...............|

000000000099fee8 40 0b 81 7c ff ff ff ff - 14 00 00 00 01 00 00 00 @..|............

000000000099fef8 48 c1 09 00 00 00 00 00 - 00 00 00 00 00 a2 2f 4d H............./M

000000000099ff08 ff ff ff ff 00 10 00 00 - 00 50 fd 7f 00 e0 fd 7f .........P......

000000000099ff18 00 10 00 00 04 ff 99 00 - d0 fe 99 00 88 66 e1 77 .............f.w

000000000099ff28 02 00 00 00 c4 fe 99 00 - 20 00 00 00 dc ff 99 00 ........ .......

000000000099ff38 c0 9a 83 7c 68 96 80 7c - 00 00 00 00 b4 ff 99 00 ...|h..|........

000000000099ff48 01 86 dc 77 02 00 00 00 - 6c ff 99 00 00 00 00 00 ...w....l.......

000000000099ff58 e0 93 04 00 01 00 00 00 - 8f 42 92 7c 00 00 00 00 .........B.|....

000000000099ff68 00 00 00 00 60 00 00 00 - 68 00 00 00 00 10 00 00 ....`...h.......

000000000099ff78 e8 3e 86 00 00 00 00 00 - 00 10 00 00 e0 2e 86 00 .>..............

000000000099ff88 e0 66 e1 77 68 00 00 00 - 00 67 e1 77 00 10 00 00 .f.wh....g.w....

000000000099ff98 00 00 00 00 00 00 00 00 - e8 3e 86 00 00 67 e1 77 .........>...g.w

000000000099ffa8 e5 03 00 00 00 10 00 00 - e0 2e 86 00 ec ff 99 00 ................

000000000099ffb8 13 b7 80 7c 00 00 00 00 - 8f 42 92 7c 00 00 00 00 ...|.....B.|....

000000000099ffc8 00 00 00 00 00 e0 fd 7f - 00 c6 1b 87 c0 ff 99 00 ................

000000000099ffd8 a8 cc 0c 86 ff ff ff ff - c0 9a 83 7c 20 b7 80 7c ...........| ..|

*----> Vidage de l'état de la thread 0x790 <----*

eax=00000000 ebx=00000000 ecx=7ffdd000 edx=000bd9e4 esi=000bd9a8 edi=00000000

eip=7c91e4f4 esp=00eafe18 ebp=00eaff80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00eaff80 77e56caf 00eaffa8 77e56ad1 000bd9a8 ntdll!KiFastSystemCallRet

00eaff88 77e56ad1 000bd9a8 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x61c

00eaffa8 77e56c97 000bd860 00eaffec 7c80b713 RPCRT4!I_RpcBCacheFree+0x43e

00eaffb4 7c80b713 000cd250 00000000 0007f88c RPCRT4!I_RpcBCacheFree+0x604

00eaffec 00000000 77e56c7d 000cd250 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

0000000000eafe18 8c da 91 7c e3 65 e5 77 - b0 01 00 00 74 ff ea 00 ...|.e.w....t...

0000000000eafe28 00 00 00 00 90 cf 16 00 - 50 ff ea 00 ff ff ff 03 ........P.......

0000000000eafe38 ff ff ff 03 f8 79 f8 81 - 00 00 00 00 fc 3c 88 c0 .....y.......<..

0000000000eafe48 88 59 52 86 40 f5 df ff - 02 00 00 00 00 00 4f 80 .YR.@.........O.

0000000000eafe58 94 fb e4 ba 28 fd 3f c0 - 00 40 fa 7f 00 00 00 00 ....(.?..@......

0000000000eafe68 20 fd 3f 02 04 5d 88 8a - 9b 38 52 80 00 40 fa 7f .?..]...8R..@..

0000000000eafe78 01 00 00 00 00 00 00 00 - 20 fd 3f c0 00 00 00 00 ........ .?.....

0000000000eafe88 00 00 00 00 f8 1f 60 c0 - 30 fc e4 ba fa 3f 52 80 ......`.0....?R.

0000000000eafe98 94 fb e4 ba 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000eafea8 60 b2 23 86 90 57 52 86 - 01 58 52 86 00 00 00 00 `.#..WR..XR.....

0000000000eafeb8 20 fd 3f c0 00 57 25 86 - 00 00 00 00 00 00 00 00 .?..W%.........

0000000000eafec8 00 00 04 00 9f 0c 00 00 - 5c 58 52 86 ff ff c9 00 ........\XR.....

0000000000eafed8 90 57 52 86 00 00 00 00 - c8 23 1c 87 00 00 ca 00 .WR......#......

0000000000eafee8 50 fb e4 ba 1f 00 00 00 - 80 a8 1d 86 40 f5 df ff P...........@...

0000000000eafef8 83 5b 54 80 ff ff ff ff - 46 02 00 00 9b 59 54 80 .[T.....F....YT.

0000000000eaff08 28 fc e4 ba 80 a8 1d 86 - 20 f1 df ff 1c aa 1d 86 (....... .......

0000000000eaff18 58 38 50 80 f0 a8 1d 86 - 80 a8 1d 86 68 b0 4f 80 X8P.........h.O.

0000000000eaff28 ec a9 1d 86 80 ff ea 00 - ae df e5 77 48 ff ea 00 ...........wH...

0000000000eaff38 be df e5 77 e0 10 91 7c - c8 cf 0c 00 50 d2 0c 00 ...w...|....P...

0000000000eaff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Vidage de l'état de la thread 0x794 <----*

eax=774be43b ebx=00007530 ecx=7ffd5000 edx=00000000 esi=000001cc edi=00000000

eip=7c91e4f4 esp=00f0ff28 ebp=00f0ff8c iopl=0 nv up ei ng nz ac po cy

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00f0ff8c 774be419 000001cc 00007530 00000000 ntdll!KiFastSystemCallRet

00f0ffb4 7c80b713 000cfa20 7465536c 73655248 ole32!StringFromGUID2+0x607

00f0ffec 00000000 774be43b 000cfa20 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

0000000000f0ff28 3c df 91 7c db 25 80 7c - cc 01 00 00 00 00 00 00 <..|.%.|........

0000000000f0ff38 5c ff f0 00 50 25 80 7c - 20 fa 0c 00 30 75 00 00 \...P%.| ...0u..

0000000000f0ff48 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f0ff58 10 00 00 00 00 5d 1e ee - ff ff ff ff 00 50 fd 7f .....].......P..

0000000000f0ff68 00 c0 fd 7f 5c ff f0 00 - 60 24 80 7c 3c ff f0 00 ....\...`$.|<...

0000000000f0ff78 13 24 80 7c dc ff f0 00 - c0 9a 83 7c 08 26 80 7c .$.|.......|.&.|

0000000000f0ff88 00 00 00 00 b4 ff f0 00 - 19 e4 4b 77 cc 01 00 00 ..........Kw....

0000000000f0ff98 30 75 00 00 00 00 00 00 - 6c 53 65 74 20 fa 0c 00 0u......lSet ...

0000000000f0ffa8 00 00 4a 77 56 e4 4b 77 - 48 52 65 73 ec ff f0 00 ..JwV.KwHRes....

0000000000f0ffb8 13 b7 80 7c 20 fa 0c 00 - 6c 53 65 74 48 52 65 73 ...| ...lSetHRes

0000000000f0ffc8 20 fa 0c 00 00 c0 fd 7f - 00 c6 1b 87 c0 ff f0 00 ...............

0000000000f0ffd8 c8 e6 0c 86 ff ff ff ff - c0 9a 83 7c 20 b7 80 7c ...........| ..|

0000000000f0ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 3b e4 4b 77 ............;.Kw

0000000000f0fff8 20 fa 0c 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ...............

0000000000f10008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f10018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f10028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f10038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f10048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f10058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x798 <----*

eax=00000000 ebx=00000001 ecx=00f4f150 edx=7c91e4f4 esi=00f4f194 edi=0000cc98

eip=1004b82e esp=00f4f178 ebp=00f4f358 iopl=0 nv up ei pl nz na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\nview.dll

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\nview.dll -

fonction : nview!PMLoadPresentation

1004b812 0e push cs

1004b813 81f9ffffff7f cmp ecx,0x7fffffff

1004b819 7410 jz nview!PMLoadPresentation+0x282b (1004b82b)

1004b81b 83f80f cmp eax,0xf

1004b81e 750b jnz nview!PMLoadPresentation+0x282b (1004b82b)

1004b820 8b4604 mov eax,[esi+0x4]

1004b823 51 push ecx

1004b824 50 push eax

1004b825 ff1524000f10 call dword ptr [nview+0xf0024 (100f0024)]

1004b82b 8b4614 mov eax,[esi+0x14]

1004b82e 85c0 test eax,eax

1004b830 743d jz nview!PMLoadPresentation+0x286f (1004b86f)

1004b832 a1a45a0e10 mov eax,[nview+0xe5aa4 (100e5aa4)]

1004b837 81a09c0b0000fffeffff and dword ptr [eax+0xb9c],0xfffffeff

1004b841 817e0802010000 cmp dword ptr [esi+0x8],0x102

1004b848 7425 jz nview!PMLoadPresentation+0x286f (1004b86f)

1004b84a a1a45a0e10 mov eax,[nview+0xe5aa4 (100e5aa4)]

1004b84f ff8820010000 dec dword ptr [eax+0x120]

1004b855 ff0d885a0e10 dec dword ptr [nview+0xe5a88 (100e5a88)]

1004b85b c7461400000000 mov dword ptr [esi+0x14],0x0

1004b862 8b0d605a0e10 mov ecx,[nview+0xe5a60 (100e5a60)]

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00f4f358 000100a8 54010000 00000000 00000008 nview!PMLoadPresentation+0x282e

047706e1 00000000 00000000 00000000 00000000 0x100a8

*----> Vidage brut de la pile <----*

0000000000f4f178 08 00 7e 02 31 f5 04 10 - 94 f1 f4 00 00 00 00 00 ..~.1...........

0000000000f4f188 56 af 3a 7e 00 00 7e 02 - e8 fc f4 00 ff ff ff ff V.:~..~.........

0000000000f4f198 fe ff ff ff 00 00 00 00 - e8 06 00 00 98 07 00 00 ................

0000000000f4f1a8 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f1b8 00 00 00 00 00 00 00 00 - 00 00 00 00 63 00 65 00 ............c.e.

0000000000f4f1c8 72 00 6f 00 55 00 49 00 - 57 00 6e 00 64 00 46 00 r.o.U.I.W.n.d.F.

0000000000f4f1d8 72 00 61 00 6d 00 65 00 - 00 00 00 00 00 00 00 00 r.a.m.e.........

0000000000f4f1e8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f1f8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f208 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f218 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f228 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f238 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f248 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f258 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f268 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f278 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f288 65 00 78 00 70 00 6c 00 - 6f 00 72 00 65 00 72 00 e.x.p.l.o.r.e.r.

0000000000f4f298 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f4f2a8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x79c <----*

eax=7c937ebb ebx=00000000 ecx=77da6a77 edx=77da6a3e esi=ffffffff edi=7c91f648

eip=7c91e4f4 esp=00f8ff9c ebp=00f8ffb4 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00f8ffb4 7c80b713 00000000 7c91f648 ffffffff ntdll!KiFastSystemCallRet

00f8ffec 00000000 7c937ebb 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

0000000000f8ff9c fc d1 91 7c 02 7f 93 7c - 01 00 00 00 ac ff f8 00 ...|...|........

0000000000f8ffac 00 00 00 00 00 00 00 80 - ec ff f8 00 13 b7 80 7c ...............|

0000000000f8ffbc 00 00 00 00 48 f6 91 7c - ff ff ff ff 00 00 00 00 ....H..|........

0000000000f8ffcc 00 a0 fd 7f 00 c6 1b 87 - c0 ff f8 00 a0 11 25 86 ..............%.

0000000000f8ffdc ff ff ff ff c0 9a 83 7c - 20 b7 80 7c 00 00 00 00 .......| ..|....

0000000000f8ffec 00 00 00 00 00 00 00 00 - bb 7e 93 7c 00 00 00 00 .........~.|....

0000000000f8fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f9009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f900ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f900bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f900cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x7a0 <----*

eax=000dfd48 ebx=00000000 ecx=7c9e3478 edx=0012f2c0 esi=7c98b420 edi=7c98b440

eip=7c91e4f4 esp=00fcff70 ebp=00fcffb4 iopl=0 nv up ei ng nz na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00fcffb4 7c80b713 00000000 00f4fce4 00f4fce8 ntdll!KiFastSystemCallRet

00fcffec 00000000 7c920230 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

0000000000fcff70 2c da 91 7c 6d 02 92 7c - f8 01 00 00 ac ff fc 00 ,..|m..|........

0000000000fcff80 b0 ff fc 00 98 ff fc 00 - a0 ff fc 00 e4 fc f4 00 ................

0000000000fcff90 e8 fc f4 00 00 00 00 00 - 00 00 00 00 58 3e 14 00 ............X>..

0000000000fcffa0 00 7c 28 e8 ff ff ff ff - a0 7c 78 ba c9 7a 93 7c .|(......|x..z.|

0000000000fcffb0 70 74 10 00 ec ff fc 00 - 13 b7 80 7c 00 00 00 00 pt.........|....

0000000000fcffc0 e4 fc f4 00 e8 fc f4 00 - 00 00 00 00 00 90 fd 7f ................

0000000000fcffd0 00 e6 1b 87 c0 ff fc 00 - 10 51 0d 86 ff ff ff ff .........Q......

0000000000fcffe0 c0 9a 83 7c 20 b7 80 7c - 00 00 00 00 00 00 00 00 ...| ..|........

0000000000fcfff0 00 00 00 00 30 02 92 7c - 00 00 00 00 00 00 00 00 ....0..|........

0000000000fd0000 c8 00 00 00 86 01 00 00 - ff ee ff ee 02 10 00 00 ................

0000000000fd0010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00 00 ............. ..

0000000000fd0020 00 02 00 00 00 20 00 00 - 22 14 00 00 ff ef fd 7f ..... ..".......

0000000000fd0030 0e 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000fd0040 00 00 00 00 98 05 fd 00 - 0f 00 00 00 f8 ff ff ff ................

0000000000fd0050 50 00 fd 00 50 00 fd 00 - 40 06 fd 00 00 00 00 00 P...P...@.......

0000000000fd0060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000fd0070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000fd0080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000fd0090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000fd00a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x7a4 <----*

eax=000000c0 ebx=00000000 ecx=00f4fb00 edx=00000000 esi=00000000 edi=00000001

eip=7c91e4f4 esp=0179fcec ebp=0179ffb4 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0179ffb4 7c80b713 00000000 00000020 00f4fce4 ntdll!KiFastSystemCallRet

0179ffec 00000000 7c939b6f 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

000000000179fcec 2c df 91 7c 96 9c 93 7c - 03 00 00 00 30 fd 79 01 ,..|...|....0.y.

000000000179fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...

000000000179fd0c e4 fc f4 00 00 00 00 00 - 80 c9 98 7c 80 c9 98 7c ...........|...|

000000000179fd1c 00 02 00 00 a4 07 00 00 - 03 00 00 00 03 00 00 00 ................

000000000179fd2c 02 00 00 00 fc 01 00 00 - e4 01 00 00 30 05 00 00 ............0...

000000000179fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000179fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x7ac <----*

eax=00000001 ebx=0237f630 ecx=017dfe2c edx=000002a7 esi=00000000 edi=7ffd5000

eip=7c91e4f4 esp=017dfd30 ebp=017dfdcc iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

017dfdcc 7e3995f9 00000009 017dfdf4 00000000 ntdll!KiFastSystemCallRet

017dfe28 7ca04d20 00000008 017dfe50 ffffffff USER32!GetLastInputInfo+0x105

017dff4c 7ca1b53c 77f56f42 00000000 7c8099ea SHELL32!Shell_GetCachedImageIndex+0xd40

017dffb4 7c80b713 00000000 7c8099ea 00090000 SHELL32!Ordinal753+0x133

017dffec 00000000 77f56ed3 00f4f4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

00000000017dfd30 2c df 91 7c 74 95 80 7c - 09 00 00 00 30 f6 37 02 ,..|t..|....0.7.

00000000017dfd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000017dfd50 09 00 00 00 02 00 00 00 - d0 5d 57 00 14 00 00 00 .........]W.....

00000000017dfd60 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................

00000000017dfd70 00 00 00 00 30 00 00 00 - 14 00 00 00 01 00 00 00 ....0...........

00000000017dfd80 90 3b 0e 00 00 00 00 00 - 00 00 00 00 ec fd 7d 01 .;............}.

00000000017dfd90 8f 04 3c 7e 30 88 39 7e - 00 50 fd 7f 00 70 fd 7f ..<~0.9~.P...p..

00000000017dfda0 00 70 fd 7f 00 00 00 00 - 30 f6 37 02 aa 00 01 00 .p......0.7.....

00000000017dfdb0 09 00 00 00 4c fd 7d 01 - 00 00 00 00 dc ff 7d 01 ....L.}.......}.

00000000017dfdc0 c0 9a 83 7c 68 96 80 7c - 00 00 00 00 28 fe 7d 01 ...|h..|....(.}.

00000000017dfdd0 f9 95 39 7e 09 00 00 00 - f4 fd 7d 01 00 00 00 00 ..9~......}.....

00000000017dfde0 ff ff ff ff 01 00 00 00 - 18 0e 0e 00 08 00 00 00 ................

00000000017dfdf0 00 00 00 00 7c 04 00 00 - 58 06 00 00 5c 09 00 00 ....|...X...\...

00000000017dfe00 14 05 00 00 d4 03 00 00 - 44 02 00 00 14 02 00 00 ........D.......

00000000017dfe10 4c 02 00 00 24 02 00 00 - 00 00 00 00 01 00 00 00 L...$...........

00000000017dfe20 00 70 fd 7f 24 02 00 00 - 4c ff 7d 01 20 4d a0 7c .p..$...L.}. M.|

00000000017dfe30 08 00 00 00 50 fe 7d 01 - ff ff ff ff ff 04 00 00 ....P.}.........

00000000017dfe40 f4 fd 7d 01 00 00 00 00 - 00 00 00 00 00 00 00 00 ..}.............

00000000017dfe50 7c 04 00 00 58 06 00 00 - 5c 09 00 00 14 05 00 00 |...X...\.......

00000000017dfe60 d4 03 00 00 44 02 00 00 - 14 02 00 00 4c 02 00 00 ....D.......L...

*----> Vidage de l'état de la thread 0x11c <----*

eax=7c9201c0 ebx=00000000 ecx=00000000 edx=02370f10 esi=000bd9a8 edi=000bda4c

eip=7c91e4f4 esp=020bfe18 ebp=020bff80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

020bff80 77e56caf 020bffa8 77e56ad1 000bd9a8 ntdll!KiFastSystemCallRet

020bff88 77e56ad1 000bd9a8 00000000 003d0460 RPCRT4!I_RpcBCacheFree+0x61c

020bffa8 77e56c97 000bd860 020bffec 7c80b713 RPCRT4!I_RpcBCacheFree+0x43e

020bffb4 7c80b713 00163af8 00000000 003d0460 RPCRT4!I_RpcBCacheFree+0x604

020bffec 00000000 77e56c7d 00163af8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

00000000020bfe18 8c da 91 7c e3 65 e5 77 - b0 01 00 00 74 ff 0b 02 ...|.e.w....t...

00000000020bfe28 00 00 00 00 30 42 18 00 - 48 ff 0b 02 00 00 00 00 ....0B..H.......

00000000020bfe38 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000020bfe98 00 00 00 00 00 00 00 00 - 43 6d 6e 80 28 ac d4 ba ........Cmn.(...

00000000020bfea8 27 64 6e 80 00 0d db ba - 00 00 00 00 68 b8 0a 86 'dn.........h...

00000000020bfeb8 88 ac d4 ba 00 00 00 00 - 50 b9 0a 86 01 67 5d 86 ........P....g].

00000000020bfec8 a0 ac d4 ba f0 e4 0d 86 - 02 02 00 00 ba 5b 54 80 .............[T.

00000000020bfed8 57 5a 54 80 e0 ab d4 ba - 00 00 00 00 00 00 00 00 WZT.............

00000000020bfee8 00 00 00 00 1f 00 00 00 - ff ff ff ff 40 45 88 f7 ............@E..

00000000020bfef8 00 00 00 00 10 64 6e 80 - 04 ba 0a 86 28 ac d4 ba .....dn.....(...

00000000020bff08 00 00 00 00 27 64 6e 80 - 08 00 00 00 46 02 00 00 ....'dn.....F...

00000000020bff18 58 38 50 80 d8 b8 0a 86 - 68 b8 0a 86 68 b0 4f 80 X8P.....h...h.O.

00000000020bff28 d4 b9 0a 86 80 ff 0b 02 - ae df e5 77 48 ff 0b 02 ...........wH...

00000000020bff38 be df e5 77 e0 10 91 7c - 48 bb 14 00 f8 3a 16 00 ...w...|H....:..

00000000020bff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Vidage de l'état de la thread 0x148 <----*

eax=77e5802c ebx=00004e20 ecx=00102500 edx=00000000 esi=0211fd68 edi=7e3991c6

eip=7c91e4f4 esp=0211fcf8 ebp=0211fd14 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\stobject.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0211fd14 76541565 0211fd68 00000000 00000000 ntdll!KiFastSystemCallRet

0211fd8c 7654362e 76540000 00000000 00030104 stobject+0x1565

0211ffb4 7c80b713 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x19e4

0211ffec 00000000 765435df 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

000000000211fcf8 be 91 39 7e f1 91 39 7e - 68 fd 11 02 00 00 00 00 ..9~..9~h.......

000000000211fd08 00 00 00 00 00 00 00 00 - 00 00 00 00 8c fd 11 02 ................

000000000211fd18 65 15 54 76 68 fd 11 02 - 00 00 00 00 00 00 00 00 e.Tvh...........

000000000211fd28 00 00 00 00 00 00 00 00 - 00 00 54 76 00 00 00 00 ..........Tv....

000000000211fd38 30 00 00 00 00 40 00 00 - 21 13 54 76 00 00 00 00 0....@..!.Tv....

000000000211fd48 1e 00 00 00 00 00 54 76 - ff 00 12 00 11 00 01 00 ......Tv........

000000000211fd58 10 00 00 00 00 00 00 00 - dc 30 54 76 00 00 00 00 .........0Tv....

000000000211fd68 02 01 03 00 f6 c0 00 00 - 00 00 00 00 00 00 00 00 ................

000000000211fd78 bf a7 02 00 50 04 00 00 - 88 02 00 00 00 00 00 00 ....P...........

000000000211fd88 00 00 00 00 b4 ff 11 02 - 2e 36 54 76 00 00 54 76 .........6Tv..Tv

000000000211fd98 00 00 00 00 04 01 03 00 - 01 00 00 00 00 00 00 00 ................

000000000211fda8 43 00 3a 00 5c 00 57 00 - 49 00 4e 00 44 00 4f 00 C.:.\.W.I.N.D.O.

000000000211fdb8 57 00 53 00 5c 00 73 00 - 79 00 73 00 74 00 65 00 W.S.\.s.y.s.t.e.

000000000211fdc8 6d 00 33 00 32 00 5c 00 - 73 00 74 00 6f 00 62 00 m.3.2.\.s.t.o.b.

000000000211fdd8 6a 00 65 00 63 00 74 00 - 2e 00 64 00 6c 00 6c 00 j.e.c.t...d.l.l.

000000000211fde8 00 00 81 7c 1b 00 00 00 - 00 02 00 00 fc ff 11 02 ...|............

000000000211fdf8 23 00 00 00 e9 06 81 7c - 1b 00 00 00 00 02 00 00 #......|........

000000000211fe08 fc ff be 00 23 00 00 00 - 00 00 00 00 00 00 00 00 ....#...........

000000000211fe18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000211fe28 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0x154 <----*

eax=00000001 ebx=0037b7c0 ecx=022bfdd0 edx=7c91e4f4 esi=022bfe14 edi=164be000

eip=7c91e4f4 esp=022bfdd0 ebp=022bfdec iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WPDShServiceObj.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\SHLWAPI.dll -

ChildEBP RetAddr Args to Child

022bfdec 164aa888 022bfe14 00000000 00000000 ntdll!KiFastSystemCallRet

022bff50 77f56f42 0037b7c0 00f4f314 7c91e900 WPDShServiceObj+0xa888

022bffb4 7c80b713 00000000 00f4f314 7c91e900 SHLWAPI!Ordinal505+0x3e9

022bffec 00000000 77f56ed3 00f4f3f8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

00000000022bfdd0 be 91 39 7e f1 91 39 7e - 14 fe 2b 02 00 00 00 00 ..9~..9~..+.....

00000000022bfde0 00 00 00 00 00 00 00 00 - d4 19 4a 16 50 ff 2b 02 ..........J.P.+.

00000000022bfdf0 88 a8 4a 16 14 fe 2b 02 - 00 00 00 00 00 00 00 00 ..J...+.........

00000000022bfe00 00 00 00 00 b8 19 2b 02 - 00 00 00 00 00 00 00 00 ......+.........

00000000022bfe10 00 00 00 00 34 01 01 00 - 13 01 00 00 0d 00 00 00 ....4...........

00000000022bfe20 00 00 00 00 75 a9 02 00 - 00 02 00 00 b4 02 00 00 ....u...........

00000000022bfe30 01 00 00 00 c0 b7 37 00 - a5 83 4a 16 b2 83 4a 16 ......7...J...J.

00000000022bfe40 bc 3b 7b ba 90 d6 12 87 - 1c ae 1d 86 bc 3b 7b ba .;{..........;{.

00000000022bfe50 4f f4 5b 80 78 ad 1d 86 - 1c ae 1d 86 00 00 00 00 O.[.x...........

00000000022bfe60 1e 00 f8 00 18 00 e2 e2 - 3c 00 f8 00 3b 00 00 00 ........<...;...

00000000022bfe70 5f 1a 02 00 e8 27 58 80 - 00 00 00 00 78 13 00 e1 _....'X.....x...

00000000022bfe80 54 f3 4b 77 c0 68 5c 77 - 15 00 00 00 14 00 00 00 T.Kw.h\w........

00000000022bfe90 17 00 00 00 b4 fe 2b 02 - d3 f4 4b 77 8c 2a 0a 00 ......+...Kw.*..

00000000022bfea0 17 00 00 00 01 00 00 00 - cc d6 4b 77 04 bf 0f 00 ..........Kw....

00000000022bfeb0 c4 fe 2b 02 ec d7 4b 77 - e8 03 00 00 22 d2 4b 77 ..+...Kw....".Kw

00000000022bfec0 60 68 5c 77 ef d1 4b 77 - 68 68 5c 77 f1 f5 4b 77 `h\w..Kwhh\w..Kw

00000000022bfed0 74 a0 16 00 50 ff 2b 02 - 88 a0 16 00 b5 d8 4b 77 t...P.+.......Kw

00000000022bfee0 64 2a 0a 00 74 a0 16 00 - 50 ff 2b 02 bd f1 4b 77 d*..t...P.+...Kw

00000000022bfef0 f6 97 80 7c 50 ff 2b 02 - 3c 68 5c 77 00 00 00 00 ...|P.+.<h\w....

00000000022bff00 28 ff 2b 02 03 f1 4b 77 - 74 a0 16 00 88 a0 16 00 (.+...Kwt.......

*----> Vidage de l'état de la thread 0x158 <----*

eax=164be3e8 ebx=022ffd0c ecx=022ffd78 edx=7c91e4f4 esi=00000000 edi=7ffd5000

eip=7c91e4f4 esp=022ffce4 ebp=022ffd80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

022ffd80 7e3995f9 00000002 022ffda8 00000000 ntdll!KiFastSystemCallRet

022ffddc 164a9bea 00000001 022ffe2c ffffffff USER32!GetLastInputInfo+0x105

022fff50 77f56f42 0037b7c0 00f4f314 7c91e900 WPDShServiceObj+0x9bea

022fffb4 7c80b713 00000000 00f4f314 7c91e900 SHLWAPI!Ordinal505+0x3e9

022fffec 00000000 77f56ed3 00f4f3f8 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

00000000022ffce4 2c df 91 7c 74 95 80 7c - 02 00 00 00 0c fd 2f 02 ,..|t..|....../.

00000000022ffcf4 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000022ffd04 02 00 00 00 02 00 00 00 - 20 05 00 00 24 05 00 00 ........ ...$...

00000000022ffd14 3e 6a da 77 77 6a da 77 - a8 31 4a 16 01 00 00 80 >j.wwj.w.1J.....

00000000022ffd24 44 00 00 00 18 00 00 00 - 14 00 00 00 01 00 00 00 D...............

00000000022ffd34 b8 a8 16 00 00 00 00 00 - 00 00 00 00 56 00 56 00 ............V.V.

00000000022ffd44 a8 31 4a 16 00 00 00 00 - 00 50 fd 7f 00 90 fa 7f .1J......P......

00000000022ffd54 70 1c 00 00 00 00 00 00 - 0c fd 2f 02 98 fd 2f 02 p........./.../.

00000000022ffd64 02 00 00 00 00 fd 2f 02 - 8c fd 2f 02 44 ff 2f 02 ....../.../.D./.

00000000022ffd74 c0 9a 83 7c 68 96 80 7c - 00 00 00 00 dc fd 2f 02 ...|h..|....../.

00000000022ffd84 f9 95 39 7e 02 00 00 00 - a8 fd 2f 02 00 00 00 00 ..9~....../.....

00000000022ffd94 ff ff ff ff 01 00 00 00 - 00 00 00 00 9b 92 39 7e ..............9~

00000000022ffda4 01 00 00 00 20 05 00 00 - 24 05 00 00 63 ae 4b 16 .... ...$...c.K.

00000000022ffdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 40 b8 37 00 ............@.7.

00000000022ffdc4 04 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................

00000000022ffdd4 00 90 fa 7f 24 05 00 00 - 50 ff 2f 02 ea 9b 4a 16 ....$...P./...J.

00000000022ffde4 01 00 00 00 2c fe 2f 02 - ff ff ff ff 00 01 00 00 ....,./.........

00000000022ffdf4 a8 fd 2f 02 b8 19 2f 02 - 00 00 00 00 00 00 00 00 ../.../.........

00000000022ffe04 00 00 00 00 58 c2 87 00 - 2c ba 88 ba 18 bb 88 ba ....X...,.......

00000000022ffe14 44 bd 88 ba b0 9a 53 80 - 40 96 4d 80 b1 bb 88 ba D.....S.@.M.....

*----> Vidage de l'état de la thread 0x178 <----*

eax=72c730e8 ebx=0248fef8 ecx=00000000 edx=0017dfe0 esi=00000000 edi=7ffd5000

eip=7c91e4f4 esp=0248fed0 ebp=0248ff6c iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -

ChildEBP RetAddr Args to Child

0248ff6c 7c80a105 00000002 0248ffa4 00000000 ntdll!KiFastSystemCallRet

0248ff88 72c7312a 00000002 0248ffa4 00000000 kernel32!WaitForMultipleObjects+0x18

0248ffb4 7c80b713 00000000 00000000 00090000 wdmaud!midMessage+0x348

0248ffec 00000000 72c730e8 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

000000000248fed0 2c df 91 7c 74 95 80 7c - 02 00 00 00 f8 fe 48 02 ,..|t..|......H.

000000000248fee0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000248fef0 00 00 00 00 00 00 00 00 - 54 05 00 00 50 05 00 00 ........T...P...

000000000248ff00 c4 29 0a 86 28 fc 7b ba - 00 00 00 00 27 64 6e 80 .)..(.{.....'dn.

000000000248ff10 08 00 00 00 46 02 00 00 - 14 00 00 00 01 00 00 00 ....F...........

000000000248ff20 28 41 17 00 00 00 00 00 - 00 00 00 00 28 28 0a 86 (A..........((..

000000000248ff30 5c 28 0a 86 30 4a 16 86 - 00 50 fd 7f 00 80 fa 7f \(..0J...P......

000000000248ff40 28 28 0a 86 00 00 00 00 - f8 fe 48 02 72 2f 50 80 ((........H.r/P.

000000000248ff50 02 00 00 00 ec fe 48 02 - 00 00 00 00 dc ff 48 02 ......H.......H.

000000000248ff60 c0 9a 83 7c 68 96 80 7c - 00 00 00 00 88 ff 48 02 ...|h..|......H.

000000000248ff70 05 a1 80 7c 02 00 00 00 - a4 ff 48 02 00 00 00 00 ...|......H.....

000000000248ff80 ff ff ff ff 00 00 00 00 - b4 ff 48 02 2a 31 c7 72 ..........H.*1.r

000000000248ff90 02 00 00 00 a4 ff 48 02 - 00 00 00 00 ff ff ff ff ......H.........

000000000248ffa0 00 00 09 00 54 05 00 00 - 50 05 00 00 f2 6e 6e 80 ....T...P....nn.

000000000248ffb0 fc d9 91 7c ec ff 48 02 - 13 b7 80 7c 00 00 00 00 ...|..H....|....

000000000248ffc0 00 00 00 00 00 00 09 00 - 00 00 00 00 00 80 fa 7f ................

000000000248ffd0 00 c6 1b 87 c0 ff 48 02 - 20 fb 25 86 ff ff ff ff ......H. .%.....

000000000248ffe0 c0 9a 83 7c 20 b7 80 7c - 00 00 00 00 00 00 00 00 ...| ..|........

000000000248fff0 00 00 00 00 e8 30 c7 72 - 00 00 00 00 00 00 00 00 .....0.r........

0000000002490000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00 MZ..............

*----> Vidage de l'état de la thread 0x9a4 <----*

eax=00000000 ebx=0236d184 ecx=7c802413 edx=7c91e4f4 esi=00000000 edi=00000000

eip=02c616d3 esp=02cbffac ebp=02cbffb4 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : <nosymbols>

No prior disassembly possible

02c616d3 ?? ???

02c616d5 ?? ???

02c616d7 ?? ???

02c616d9 ?? ???

02c616db ?? ???

02c616dd ?? ???

02c616df ?? ???

02c616e1 ?? ???

02c616e3 ?? ???

FAUTE ->02c616d3 ?? ???

Error 0x00000001

02c616d5 ?? ???

02c616d7 ?? ???

02c616d9 ?? ???

02c616db ?? ???

02c616dd ?? ???

02c616df ?? ???

02c616e1 ?? ???

02c616e3 ?? ???

02c616e5 ?? ???

02c616e7 ?? ???

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

02cbffa8 00060040 0000000b 02cbffec 7c80b713 0x2c616d3

02cbffb4 7c80b713 0236d184 00000000 00000000 0x60040

02cbffec 00000000 02c6168a 0236d184 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

0000000002cbffac 40 00 06 00 0b 00 00 00 - ec ff cb 02 13 b7 80 7c @..............|

0000000002cbffbc 84 d1 36 02 00 00 00 00 - 00 00 00 00 84 d1 36 02 ..6...........6.

0000000002cbffcc 00 f0 fa 7f 05 00 00 c0 - c0 ff cb 02 d0 fb cb 02 ................

0000000002cbffdc ff ff ff ff c0 9a 83 7c - 20 b7 80 7c 00 00 00 00 .......| ..|....

0000000002cbffec 00 00 00 00 00 00 00 00 - 8a 16 c6 02 84 d1 36 02 ..............6.

0000000002cbfffc 00 00 00 00 c8 00 00 00 - ec 01 00 00 ff ee ff ee ................

0000000002cc000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 10 00 ................

0000000002cc001c 00 20 00 00 00 02 00 00 - 00 20 00 00 ec 01 00 00 . ....... ......

0000000002cc002c ff ef fd 7f 12 00 08 06 - 00 00 00 00 00 00 00 00 ................

0000000002cc003c 00 00 00 00 00 00 00 00 - 98 05 cc 02 0f 00 00 00 ................

0000000002cc004c f8 ff ff ff 50 00 cc 02 - 50 00 cc 02 40 06 cc 02 ....P...P...@...

0000000002cc005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc00ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc00bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc00cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000002cc00dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xa14 <----*

eax=00000000 ebx=0000047c ecx=7e3f1088 edx=00001801 esi=011fff98 edi=7e3a772b

eip=7c91e4f4 esp=011fff54 ebp=011fff78 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

011fff78 76ae4e31 011fff98 00000000 00000000 ntdll!KiFastSystemCallRet

011fffb4 7c80b713 0000047c 00000200 0000002b WINMM!PlaySoundW+0x7e2

011fffec 00000000 76ae4dca 0000047c 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

00000000011fff54 be 91 39 7e 6b 77 3a 7e - 98 ff 1f 01 00 00 00 00 ..9~kw:~........

00000000011fff64 00 00 00 00 00 00 00 00 - 7c 04 00 00 2b 77 3a 7e ........|...+w:~

00000000011fff74 00 00 00 00 b4 ff 1f 01 - 31 4e ae 76 98 ff 1f 01 ........1N.v....

00000000011fff84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 02 00 00 ................

00000000011fff94 2b 00 00 00 18 03 02 00 - f6 c0 00 00 00 00 00 00 +...............

00000000011fffa4 00 00 00 00 bf a7 02 00 - 50 04 00 00 88 02 00 00 ........P.......

00000000011fffb4 ec ff 1f 01 13 b7 80 7c - 7c 04 00 00 00 02 00 00 .......||.......

00000000011fffc4 2b 00 00 00 7c 04 00 00 - 00 d0 fa 7f 00 c6 1b 87 +...|...........

00000000011fffd4 c0 ff 1f 01 88 f0 0e 86 - ff ff ff ff c0 9a 83 7c ...............|

00000000011fffe4 20 b7 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 ..|............

00000000011ffff4 ca 4d ae 76 7c 04 00 00 - 00 00 00 00 c1 00 00 00 .M.v|...........

0000000001200004 be 01 00 00 ff ee ff ee - 03 10 00 00 01 00 00 00 ................

0000000001200014 00 fe 00 00 00 00 10 00 - 00 20 00 00 00 02 00 00 ......... ......

0000000001200024 00 20 00 00 59 02 00 00 - ff ef fd 7f 1a 00 08 06 . ..Y...........

0000000001200034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001200044 98 05 20 01 0f 00 00 00 - f8 ff ff ff 50 00 20 01 .. .........P. .

0000000001200054 50 00 20 01 08 06 20 01 - 00 00 00 00 00 00 00 00 P. ... .........

0000000001200064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001200074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001200084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Vidage de l'état de la thread 0xa44 <----*

eax=00002050 ebx=00000000 ecx=0000001e edx=03e50028 esi=7c98b420 edi=7c98b440

eip=7c91e4f4 esp=0138ff70 ebp=0138ffb4 iopl=0 nv up ei ng nz na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

fonction : ntdll!KiFastSystemCallRet

7c91e4da e829000000 call ntdll!RtlRaiseException (7c91e508)

7c91e4df 8b0424 mov eax,[esp]

7c91e4e2 8be5 mov esp,ebp

7c91e4e4 5d pop ebp

7c91e4e5 c3 ret

7c91e4e6 8da42400000000 lea esp,[esp]

7c91e4ed 8d4900 lea ecx,[ecx]

ntdll!KiFastSystemCall:

7c91e4f0 8bd4 mov edx,esp

7c91e4f2 0f34 sysenter

ntdll!KiFastSystemCallRet:

7c91e4f4 c3 ret

7c91e4f5 8da42400000000 lea esp,[esp]

7c91e4fc 8d642400 lea esp,[esp]

ntdll!KiIntSystemCall:

7c91e500 8d542408 lea edx,[esp+0x8]

7c91e504 cd2e int 2e

7c91e506 c3 ret

7c91e507 90 nop

ntdll!RtlRaiseException:

7c91e508 55 push ebp

7c91e509 8bec mov ebp,esp

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0138ffb4 7c80b713 00000000 7ffd0000 00000009 ntdll!KiFastSystemCallRet

0138ffec 00000000 7c920230 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Vidage brut de la pile <----*

000000000138ff70 2c da 91 7c 6d 02 92 7c - f8 01 00 00 ac ff 38 01 ,..|m..|......8.

000000000138ff80 b0 ff 38 01 98 ff 38 01 - a0 ff 38 01 00 00 fd 7f ..8...8...8.....

000000000138ff90 09 00 00 00 00 00 00 00 - 00 00 00 00 70 74 10 00 ............pt..

000000000138ffa0 00 7c 28 e8 ff ff ff ff - a0 bc 23 ba c9 7a 93 7c .|(.......#..z.|

000000000138ffb0 58 3e 14 00 ec ff 38 01 - 13 b7 80 7c 00 00 00 00 X>....8....|....

000000000138ffc0 00 00 fd 7f 09 00 00 00 - 00 00 00 00 00 50 fa 7f .............P..

000000000138ffd0 00 e6 1b 87 c0 ff 38 01 - d0 7a 0a 86 ff ff ff ff ......8..z......

000000000138ffe0 c0 9a 83 7c 20 b7 80 7c - 00 00 00 00 00 00 00 00 ...| ..|........

000000000138fff0 00 00 00 00 30 02 92 7c - 00 00 00 00 00 00 00 00 ....0..|........

0000000001390000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000001390090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000013900a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

Comme vous le constatez je n'y comprends rien.

HELP!!! :incline:

Lien vers le commentaire
Partager sur d’autres sites

et ben,non, même une désinstallation du SP3!!

Alors, je précise qu'explorer ne plante qu'une fois que j'ai fini de naviguer dans le poste de travail ou dans les disques dur et que je ferme celui-ci.

Exemple, j'ouvre le poste de travail, je cherche un fichier, je ferme et là, explorer.exe plante lamentablement.

Explorer.exe doit fermer blablabla...

Une autre idée SVP!! ;);)

Lien vers le commentaire
Partager sur d’autres sites

j'ai fait une analyse avec mon AV bitdefender 08 + un scan online sur le site Kapersky.

j'ai également installé Spybot S&D 1.6 + maj + analyse.

RIEN!! Quelques cookies traceurs C tout.

Voilà le rapport Hijack this :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:44, on 04/08/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\MGE\RunSC.exe

C:\WINDOWS\system32\MGE\PCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\system32\MGE\BIL.EXE

C:\WINDOWS\system32\MGE\CILRS232.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\BitDefender\BitDefender 2008\bdagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\SuperCopier2\SuperCopier2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [amd_dc_opt] "C:\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Free Download Manager\dlfvideo.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206401161718

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 6990 bytes

J'ai réinstallé le sp3, histoire de voir si le problème n'allait pas disparaître, mais ce ne fut pas le cas.

m.a.j : j'ai le même souci sur les deux bécanes que je possède et sur lesquelles j'ai installé le sp3.

Lien vers le commentaire
Partager sur d’autres sites

m.a.j : j'avais pas désinstallé spybot.

voilà le bon rapport hijack this :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:26:36, on 04/08/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\MGE\RunSC.exe

C:\WINDOWS\system32\MGE\PCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MGE\BIL.EXE

C:\WINDOWS\system32\MGE\CILRS232.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [amd_dc_opt] "C:\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Free Download Manager\dlfvideo.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206401161718

O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)

--

End of file - 5434 bytes

Lien vers le commentaire
Partager sur d’autres sites

J'ai installé le sp3 puis firefox 3.0, puis CCleaner (dernière version), spybot s&d 1.6, mise a jour de paint.net, installation d'abode reader 9.0.

Voilà ce que j'ai installé. Pour Spybot, le plantage était déjà présent...

J'ai tenté de désinstaller tous les programmes ci dessus, mais cela n'a eu aucun effet sur mon souci.

je vais tenter avec AMV converter.

J'ai installé le sp3 puis firefox 3.0, puis CCleaner (dernière version), spybot s&d 1.6, mise a jour de paint.net, installation d'abode reader 9.0+ Freedownload manager.

Voilà ce que j'ai installé. Pour Spybot, le plantage était déjà présent...

J'ai tenté de désinstaller tous les programmes ci dessus, mais cela n'a eu aucun effet sur mon souci.

je vais tenter avec AMV converter.

Lien vers le commentaire
Partager sur d’autres sites

Et en enlevant AMV Converter et Free Download Manager ?

En fait, quel logiciel a été ajouté pour que cela provoque des plantages ?

Merci Amour, j'ai fait ce que tu m'as dit et c'est vrai que s'était les deux logiciels que je n'avais pas désinstallé.

J'ai retrouvé un environnement stable et explorer.exe qui ne plante plus.

Merci mille fois.

Lien vers le commentaire
Partager sur d’autres sites

  • 3 mois après...
Et en enlevant AMV Converter et Free Download Manager ?

En fait, quel logiciel a été ajouté pour que cela provoque des plantages ?

J'avais le même problème avec explorer.exe.

J'avais suivi, sans aucun résultat positif, des dizaines d'idées de corrections proposées par divers forums.

Votre suggestion d'enlever "Free Download Manager" a réussi !

(et j'ai même pu réinstaller Free Download Manager après, sans retomber sur le problème initial.)

Un grand merci, donc.

Lien vers le commentaire
Partager sur d’autres sites

Archivé

Ce sujet est désormais archivé et ne peut plus recevoir de nouvelles réponses.

×
×
  • Créer...