Configuration: Windows 98
Hello
Try repairing avast. To start, disable the resident protections, then stop the processes ashdisp.exe, ashserv.exe and aswupsv.exe. Next, go to Windows' Add/Remove Programs, click "uninstall avast" and choose "repair". Then restart. See you
Thanks for your quick reply.
1. I no longer see the A in the taskbar... I suppose it is disabled...? 2. You tell me to stop the processes of... could you spell out the procedure, because I don't understand what I have to do. Awaiting your reply... and many thanks in advance
Re
To stop the processes, press the "Control" and "Alt" keys simultaneously, then, while holding them down, press the "Del" key on the keyboard. See you
OK for Ctrl-Alt + Delete... and after that, what should I close?
Re
The processes listed in my first post. Right-click: End process... See you
Hello again,
Sorry, but I don't understand you... If I press Ctrl-Alt + Delete I don't see what you are telling me. I don't see ashdisp.exe, ashserv.exe and aswupsv.exe among the programs to close. Thanks again for helping me. Daniel22
I forgot to mention that I was also getting blue screens:
UNE ERREUR FATALE EOE EST APPARUE 0028 / C001409B DANS LE VXD VMM(01) + 0001309B
Thanks for coming to my rescue. daniel22
Hi daniel22,
Yes, you already mentioned the BSODs in your first post... But hey, why keep it simple when you can make it complicated, hm? Permanently stop all the resident protection services, as Rumbacampus said; then uninstall avast! via "Control Panel" -> "Add/Remove Programs". If that fails, there is a fallback solution. But try this first. Regards, pierrotlefou
Good day to you Pierrotlefou,
I followed your advice... I tried to uninstall avast but...

Date du cliché du système : 09/04/2005 19:37:08.
*----> Sommaire/Résumé <----*
SETIFACE.DLL a effectué un accès mémoire non valide.
Nom du module : SETIFACE.DLL
Nom de l'application : Rundll32.exe
Description : Exécuter une DLL en tant qu'application
Version : 4.10.1998
Produit : Système d'exploitation Microsoft(R) Windows(R)
Fabricant : Microsoft Corporation
--------------------
Windows KB891711 component a altéré les fichiers système Windows.
Nom du module : KB891711.EXE
Description : Windows KB891711 component
Version : 4.10.2222
Produit : Microsoft(R) Windows(R) Operating System
Fabricant : Microsoft Corporation
017f:bff76997 ebe4 jmp bff7697d = KERNEL32.DLL:_FREQASM+0x597d 017f:bff76999 64ff3500000000 push dword ptr fs:[00000000] 017f:bff769a0 55 push ebp 017f:bff769a1 8d4c2404 lea ecx,[esp+04] 017f:bff769a5 16 push ss -------------------- 0063fe20 00000000 0063fe24 00000001 0063fe28 00000000 0063fe2c bff71547 = KERNEL32.DLL:_FREQASM+0x547 -------------------- 017f:bff7151d 660bff or di,di 017f:bff71520 740c jz bff7152e = KERNEL32.DLL:_FREQASM+0x52e 017f:bff71522 a1e09cfcbf mov eax,dword ptr [bffc9ce0] 017f:bff71527 ff30 push dword ptr [eax] 017f:bff71529 e81c540000 call bff7694a = KERNEL32.DLL:_FREQASM+0x594a 017f:bff7152e 66648b3d1e000000 mov di,word ptr fs:[0000001e] 017f:bff71536 6683ef01 sub di,+01 017f:bff7153a 730b jnc bff71547 = KERNEL32.DLL:_FREQASM+0x547 017f:bff7153c 8b157094fcbf mov edx,dword ptr [bffc9470] 017f:bff71542 e8b42c0000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x547: *017f:bff71547 6664893d1e000000 mov word ptr fs:[0000001e],di 017f:bff7154f 8bc6 mov eax,esi 017f:bff71551 0fb6cb movzx ecx,bl 017f:bff71554 5f pop edi 017f:bff71555 5e pop esi 017f:bff71556 5b pop ebx 017f:bff71557 5d pop ebp 017f:bff71558 5a pop edx 017f:bff71559 03e1 add esp,ecx 017f:bff7155b ffe2 jmp edx 017f:bff7155d 55 push ebp -------------------- 0063fe30 0063eee8 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0063fe34 00000e68 0063fe38 0063ff78 -> f4 ff 63 00 12 b4 f8 bf 00 c7 9c 81 08 00 00 00 ..c............. 
0063fe3c bff8b560 = KERNEL32!ApplicationStartup -------------------- 017f:bff8b53c 7413 jz bff8b551 = KERNEL32.DLL:.text+0x12551 017f:bff8b53e 6a00 push +00 017f:bff8b540 56 push esi 017f:bff8b541 e82859ffff call bff80e6e = KERNEL32.DLL:.text+0x7e6e 017f:bff8b546 50 push eax 017f:bff8b547 6800050000 push 00000500 017f:bff8b54c e8c45fffff call bff81515 = KERNEL32.DLL:.text+0x8515 017f:bff8b551 c745fc00000000 mov dword ptr [ebp-04],00000000 017f:bff8b558 8b45d4 mov eax,dword ptr [ebp-2c] 017f:bff8b55b e8b98dfeff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319 KERNEL32!ApplicationStartup: *017f:bff8b560 8945d8 mov dword ptr [ebp-28],eax 017f:bff8b563 eb1a jmp bff8b57f = KERNEL32.DLL:.text+0x1257f 017f:bff8b565 ff75ec push dword ptr [ebp-14] 017f:bff8b568 e8c7250100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 017f:bff8b56d c3 retd 017f:bff8b56e 8b65e8 mov esp,dword ptr [ebp-18] 017f:bff8b571 8b45e0 mov eax,dword ptr [ebp-20] 017f:bff8b574 80480308 or byte ptr [eax+03],08 017f:bff8b578 6aff push -01 017f:bff8b57a e8501c0000 call bff8d1cf = KERNEL32.DLL:.text+0x141cf 017f:bff8b57f c745fcffffffff mov dword ptr [ebp-04],ffffffff -------------------- 0063fe40 00000000 0063fe44 819cc4b4 -> 06 00 07 00 c0 cc 70 c1 00 00 00 00 00 00 00 00 ......p......... 0063fe48 00000000 0063fe4c 646e7552 0063fe50 32336c6c 0063fe54 45584500 0063fe58 00000000 ... 0063ff38 0063ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff 63 00 ....8.........c. 0063ff3c 81949050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0063ff40 819cc6e0 -> 1c 00 00 a0 64 ba 9c 81 64 ba 9c 81 64 ba 9c 81 ....d...d...d... 0063ff44 c170d100 -> 01 00 00 00 00 c7 9c 81 b4 c4 9c 81 60 ce 70 c1 ............`.p. 0063ff48 0063ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff 63 00 ....8.........c. 
0063ff4c 00401048 = RUNDLL32.EXE:.text+0x48 -------------------- 017f:0040102e 8a5c240c mov bl,byte ptr [esp+0c] 017f:00401032 3818 cmp byte ptr [eax],bl 017f:00401034 740e jz 00401044 = RUNDLL32.EXE:.text+0x44 017f:00401036 50 push eax 017f:00401037 ff1528314000 call dword ptr [00403128] -> USER32.DLL!CharNextA 017f:0040103d 803800 cmp byte ptr [eax],00 017f:00401040 75f0 jnz 00401032 = RUNDLL32.EXE:.text+0x32 017f:00401042 33c0 xor eax,eax 017f:00401044 5b pop ebx 017f:00401045 c20800 retd 0008 RUNDLL32.EXE:.text+0x48: *017f:00401048 55 push ebp 017f:00401049 8bec mov ebp,esp 017f:0040104b 83ec44 sub esp,+44 017f:0040104e 56 push esi 017f:0040104f ff15c8304000 call dword ptr [004030c8] -> KERNEL32.DLL!GetCommandLineA 017f:00401055 8bf0 mov esi,eax 017f:00401057 8a00 mov al,byte ptr [eax] 017f:00401059 3c22 cmp al,22 017f:0040105b 7513 jnz 00401070 = RUNDLL32.EXE:.text+0x70 017f:0040105d 46 inc esi 017f:0040105e 8a06 mov al,byte ptr [esi] -------------------- 0063ff50 bff7b326 = KERNEL32.DLL:.text+0x2326 -------------------- 017f:bff7b309 8b00 mov eax,dword ptr [eax] 017f:bff7b30b 894304 mov dword ptr [ebx+04],eax 017f:bff7b30e 6800020000 push 00000200 017f:bff7b313 51 push ecx 017f:bff7b314 ff75fc push dword ptr [ebp-04] 017f:bff7b317 56 push esi 017f:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111 017f:bff7b31d ff750c push dword ptr [ebp+0c] 017f:bff7b320 56 push esi 017f:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x2326: *017f:bff7b326 b801000000 mov eax,00000001 017f:bff7b32b 5f pop edi 017f:bff7b32c 5e pop esi 017f:bff7b32d 5b pop ebx 017f:bff7b32e 8be5 mov esp,ebp 017f:bff7b330 5d pop ebp 017f:bff7b331 c20c00 retd 000c 017f:bff7b334 55 push ebp 017f:bff7b335 8bec mov ebp,esp 017f:bff7b337 83ec04 sub esp,+04 017f:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4] -------------------- 0063ff54 00000000 0063ff58 819cc4d4 -> 00 02 00 00 80 67 01 00 1f 3b b9 00 01 00 01 00 .....g...;...... 
0063ff5c 3a0e0000 0063ff60 0063fe40 -> 00 00 00 00 b4 c4 9c 81 00 00 00 00 52 75 6e 64 ............Rund 0063ff64 0063fab0 -> 88 fb 63 00 a4 fb 63 00 dc fa 63 00 49 68 f7 bf ..c...c...c.Ih.. 0063ff68 ffffffff 0063ff6c bffc05b4 = KERNEL32.DLL:.text+0x475b4 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 0063ff70 bff79138 = KERNEL32.DLL:.text+0x138 -> ff ff ff ff 65 b5 f8 bf 6e b5 f8 bf 00 00 00 00 ....e...n....... 0063ff74 00000000 0063ff78 0063fff4 -> ec bf 8c 83 d5 9d f8 bf 00 00 00 00 ............ 0063ff7c bff8b412 = KERNEL32.DLL:.text+0x12412 -------------------- 017f:bff8b3f3 ff7508 push dword ptr [ebp+08] 017f:bff8b3f6 56 push esi 017f:bff8b3f7 e8c9560000 call bff90ac5 = KERNEL32.DLL:.text+0x17ac5 017f:bff8b3fc ff7508 push dword ptr [ebp+08] 017f:bff8b3ff 33ff xor edi,edi 017f:bff8b401 57 push edi 017f:bff8b402 ff7634 push dword ptr [esi+34] 017f:bff8b405 e80397feff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d 017f:bff8b40a 897d08 mov dword ptr [ebp+08],edi 017f:bff8b40d e84a000000 call bff8b45c = KERNEL32.DLL:.text+0x1245c KERNEL32.DLL:.text+0x12412: *017f:bff8b412 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 017f:bff8b417 8b00 mov eax,dword ptr [eax] 017f:bff8b419 83c060 add eax,+60 017f:bff8b41c 50 push eax 017f:bff8b41d e8cb8dfeff call bff741ed = KERNEL32.DLL!98 017f:bff8b422 e87626ffff call bff7da9d = KERNEL32.DLL:.text+0x4a9d 017f:bff8b427 8945f0 mov dword ptr [ebp-10],eax 017f:bff8b42a 837df800 cmp dword ptr [ebp-08],+00 017f:bff8b42e 7408 jz bff8b438 = KERNEL32.DLL:.text+0x12438 017f:bff8b430 ff75f8 push dword ptr [ebp-08] 017f:bff8b433 e843020000 call bff8b67b = KERNEL32.DLL:.text+0x1267b -------------------- 0063ff80 819cc700 -> 07 00 00 00 e0 d0 70 c1 78 fa 63 00 00 00 64 00 ......p.x.c...d. 0063ff84 00000008 0063ff88 819cc4b4 -> 06 00 07 00 c0 cc 70 c1 00 00 00 00 00 00 00 00 ......p......... 0063ff8c 00000000 ... 0063ffd0 0002ffff 0063ffd4 0000f263 0063ffd8 0063e000 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
0063ffdc 00640000 0063ffe0 00000000 0063ffe4 ffffffff 0063ffe8 819caf68 -> 50 45 00 00 4c 01 05 00 03 9a 46 35 00 00 00 00 PE..L.....F5.... 0063ffec 00000000 0063fff0 4a173a0e 0063fff4 838cbfec 0063fff8 bff89dd5 = KERNEL32.DLL:.text+0x10dd5 -------------------- 017f:bff89db2 e8a94b0000 call bff8e960 = KERNEL32.DLL:.text+0x15960 017f:bff89db7 56 push esi 017f:bff89db8 e8e32bffff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 017f:bff89dbd 33c0 xor eax,eax 017f:bff89dbf ebdf jmp bff89da0 = KERNEL32.DLL:.text+0x10da0 017f:bff89dc1 f644240c10 test byte ptr [esp+0c],10 017f:bff89dc6 7505 jnz bff89dcd = KERNEL32.DLL:.text+0x10dcd 017f:bff89dc8 e8a1deffff call bff87c6e = KERNEL32.DLL:.text+0xec6e 017f:bff89dcd ff742408 push dword ptr [esp+08] 017f:bff89dd1 ff542408 call dword ptr [esp+08] KERNEL32.DLL:.text+0x10dd5: *017f:bff89dd5 c20c00 retd 000c 017f:bff89dd8 56 push esi 017f:bff89dd9 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 017f:bff89dde 8b742408 mov esi,dword ptr [esp+08] 017f:bff89de2 57 push edi 017f:bff89de3 8b38 mov edi,dword ptr [eax] 017f:bff89de5 8b4608 mov eax,dword ptr [esi+08] 017f:bff89de8 85c0 test eax,eax 017f:bff89dea 7413 jz bff89dff = KERNEL32.DLL:.text+0x10dff 017f:bff89dec 50 push eax 017f:bff89ded e8feb7feff call bff755f0 = KERNEL32.DLL:_FREQASM+0x45f0 -------------------- 0063fffc 00000000 HELP HELP ...... daniel22 |
Good evening daniel22,
OK, you are on Windows 98 SE, like me, and avast! has taken quite a beating (setiface.dll is one of its sensitive components). The fallback solution now is the avast! uninstall utility: download aswClear.exe (197 KB) and run it. http://www.asw.cz/eng/avast_uninstall_util.html Regards, pierrotlefou |