Problem with Windows ..

Yoohoo everyone :slight_smile:

So, since yesterday my PC has been lagging, the shortcuts turn into a "file" icon, etc.

I ran a scan with Hijack Hunter, better than HijackThis in my opinion ^^':

Hijack Hunter 1.7.0.0

Log created on 23/04/2010 at 16:33:53

[+] Generic system info

Operating System: Windows 7 Home Premium 64-bit OS
Build Version: 7600.win7_gdr.100226-1909
Internet Explorer: 8.0.7600.16385
System Folder: C:\Windows\system32

[+] Running processes

C:\Windows\System32\nvvsvc.exe (0 bytes) (NVIDIA Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (2335216 bytes) (Unknown) (7bd9afb7a240a54d96e6d60729927c50)
C:\Windows\System32\nvvsvc.exe (0 bytes) (NVIDIA Corporation) (d41d8cd98f00b204e9800998ecf8427e)
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (73728 bytes) (Hewlett-Packard Company) (108333981c841eb0ff198aa5dfcf3d3b)
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (43010392 bytes) (Microsoft Corporation) (b05640ac812fccb488328df34e7f663a)
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (8041360 bytes) (COMODO) (69d2a44003dcbab6da699c084351d729)
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe (94208 bytes) (Hewlett-Packard Company) (ddb1c559e36063532ed1cbc101c17da3)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (157720 bytes) (Microsoft Corporation) (6d65985945b03ca59b67d0b73702fc7b)
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (206120 bytes) (CyberLink) (ef06e2deda4bebf1848fe395d078ffc1)
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (128296 bytes) (CyberLink Corp.) (536efce2544ebfd209eded39caa3901a)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (130384 bytes) (Microsoft Corporation) (c5a75eb48e2344abdc162bda79e16841)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (138576 bytes) (Microsoft Corporation) (c6f9af94dcd58122a4d7e89db6bed29d)
C:\Program Files\Microsoft Fix it Center\Matsvc.exe (342320 bytes) (Microsoft Corporation) (e7480e77f9f8461ade29029041ed463c)
C:\Program Files (x86)\CCleaner\CCleaner.exe (1654584 bytes) (Piriform Ltd) (9ed7547d6ba9ec7c067ca57766e30ad5)
C:\Program Files (x86)\Opera\opera.exe (835952 bytes) (Opera Software) (15a4f7b74e9a7df486603a699de74c23)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe (522240 bytes) (NoVirusThanks Company Srl) (bb3e2541504ccfd1a70dec48cc163575)

[+] Loaded Modules

C:\Windows\syswow64\guard32.dll (277240 bytes) (COMODO) (93981acf218f06b4d98c995906f51852)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll (530432 bytes) (Microsoft Corporation) (b62aa1bb1f63839051441d2c6dd7b775)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll (632656 bytes) (Microsoft Corporation) (c4e9e285e1730d864dd4b35b73cdafdb)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll (554816 bytes) (Microsoft Corporation) (cfc54225d1870fdbf6e9e75fb83a27cb)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (413008 bytes) (Microsoft Corporation) (83ba5e873164a3711b44052f58c8fe9f)
C:\Windows\system32\guard32.dll (277240 bytes) (COMODO) (93981acf218f06b4d98c995906f51852)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (1680896 bytes) (Microsoft Corporation) (0fa436a553408cbeba070e3182658de3)
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (1624576 bytes) (Microsoft Corporation) (edb57065790b62ef83be117ad3edfde2)
C:\Windows\system32\MSVCP71.dll (499712 bytes) (Microsoft Corporation) (561fa2abb31dfa8fab762145f81667c2)
C:\Windows\system32\MSVCR71.dll (348160 bytes) (Microsoft Corporation) (86f1895ae8c5e8b17d99ece768a70732)
C:\Windows\system32\MFC71U.DLL (1047552 bytes) (Microsoft Corporation) (7b93c623333f121dc9e689ccb1b7a733)
C:\Windows\system32\MSVCR100_CLR0400.dll (771424 bytes) (Microsoft Corporation) (e5f7c30edf0892667933be879f067d67)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll (335184 bytes) (Microsoft Corporation) (ab690cd34cf4b4e3ddf78fd4fbcf88c3)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll (42312 bytes) (Microsoft Corporation) (6c69ea6a0c308a0fb81992cac9f39c59)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll (6730056 bytes) (Microsoft Corporation) (cc30b8e9489f35940de00f407f61a592)

[+] Registry startups

Value: Userinit
Data: C:\Windows\system32\userinit.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value: AppInit_DLLs
Data: C:\Windows\SysWOW64\guard32.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}

[+] Other Startups Methods

[+] Startup folders

[+] TCPIP nameservers

[+] Internet Explorer settings

Value: Start Page
Data: http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_BE&c=94&bd=Pavilion&pf=cndt
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data: http://www.google.be/
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data: http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_BE&c=94&bd=Pavilion&pf=cndt
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

[+] Internet Explorer Trusted Sites

[+] Windows Firewall allowed programs

[+] Windows Firewall allowed ports

[+] System Hijack

Value: EnableLUA
Data: 0
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Start
Data: 4
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

Value: Wallpaper
Data: C:\Users\Auxilium\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: LoadAppInit_DLLs
Data: 1
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

[+] Executables in Temp folders

[+] Executables in suspicious folders

C:\procexp.exe (3925880 bytes) (Sysinternals - www.sysinternals.com) (f1ba90ae5348a6792c922c240c6fa495)

[+] Unknown .SYS files

[+] Non accessible files

[+] Executables in Internet Explorer Folder

[+] Hidden files in suspicious folders

[+] Checking for Suspicious Registry Keys

[+] Suspicious folders

[+] Drivers

C:\Windows\system32\drivers\amdxata.sys (amdxata) (amdxata) (Advanced Micro Devices) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\aver888rc_64.sys (AVER_H193) (AVerMedia H193 Video Capture) (AVerMedia TECHNOLOGIES, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\blbdrive.sys (blbdrive) (blbdrive) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\circlass.sys (circlass) (Consumer IR Devices) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\cmderd.sys (cmderd) (COMODO Internet Security Eradication Driver) (COMODO) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\cmdguard.sys (cmdGuard) (COMODO Internet Security Sandbox Driver) (COMODO) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\cmdhlp.sys (cmdHlp) (COMODO Internet Security Helper Driver) (COMODO) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\aver888rcir_64.sys (CXCIR) (AVerMedia Consumer Infrared Receiver) (AVerMedia TECHNOLOGIES, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\hidir.sys (HidIr) (Stuurprogramma voor Microsoft infrarood HID) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\inspect.sys (inspect) (COMODO Internet Security Firewall Driver) (COMODO) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\rtkvhd64.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\intelide.sys (intelide) (intelide) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\lhidfilt.sys (LHidFilt) (Logitech SetPoint KMDF HID Filter Driver) (Logitech, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\lmoufilt.sys (LMouFilt) (Logitech SetPoint KMDF Mouse Filter Driver) (Logitech, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\netr28x.sys (netr28x) (Ralink 802.11n Extensible Wireless Driver) (Ralink Technology, Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\nvhda64v.sys (NVHDA) (Service for NVIDIA High Definition Audio Driver) (NVIDIA Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\nvlddmkm.sys (nvlddmkm) (nvlddmkm) (NVIDIA Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\rt64win7.sys (RTL8167) (Realtek 8167 NT Driver) (Realtek) (d41d8cd98f00b204e9800998ecf8427e)
c:\windows\system32\drivers\sbredrv.sys (SBRE) (SBRE) (Sunbelt Software) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\swenum.sys (swenum) (Software Bus-stuurprogramma) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)

[+] Drivers → FSFilter Anti-Virus

Driver Name: cmdGuard
Driver File:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard

[+] Services

c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe (clr_optimization_v4.0.30319_32) (Microsoft .NET Framework NGEN v4.0.30319_X86) (Microsoft Corporation) (c5a75eb48e2344abdc162bda79e16841)
c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe (clr_optimization_v4.0.30319_64) (Microsoft .NET Framework NGEN v4.0.30319_X64) (Microsoft Corporation) (c6f9af94dcd58122a4d7e89db6bed29d)
c:\program files\comodo\comodo internet security\cmdagent.exe (cmdAgent) (COMODO Internet Security Helper Service) (Unknown) (7bd9afb7a240a54d96e6d60729927c50)

[+] ServiceDll

C:\Windows\System32\ezsvc7.dll (129584 bytes) (EasyBits Sofware AS) (1d225a72413f32b5db69e94fb574d929) (\SYSTEM\CurrentControlSet\Services\ezSharedSvc\Parameters)

[+] Unknown files in Winsock LSP

[+] TCP Connections

N/A → 0.0.0.0:135 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:445 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:554 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:2869 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:5357 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:10243 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:49152 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:49153 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:49154 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:49156 → 0.0.0.0:0 → LISTENING
N/A → 0.0.0.0:49158 → 0.0.0.0:0 → LISTENING
N/A → 192.168.1.13:139 → 0.0.0.0:0 → LISTENING
N/A → 192.168.1.13:51406 → 88.221.84.59:80 → TIME_WAIT
N/A → 192.168.1.13:51409 → 74.125.77.102:80 → TIME_WAIT
N/A → 192.168.1.13:51411 → 88.221.84.42:80 → TIME_WAIT
N/A → 192.168.1.13:51418 → 74.125.79.154:80 → TIME_WAIT
N/A → 192.168.1.13:51420 → 74.125.79.165:80 → TIME_WAIT
N/A → 192.168.1.13:51422 → 88.221.84.42:80 → TIME_WAIT
N/A → 192.168.1.13:51446 → 192.168.1.13:2869 → TIME_WAIT

[+] Hosts file

[+] Kernel Mode Info

x64 OS not supported!


Finish [ 0:1:19 ]

Hi,

It would be more useful to see whether something is crashing in the Event Viewer.

Hello,
So, in the event reports etc., no, nothing, except in Windows Logs, Application:

Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (3904)
since today ..

and that only for Opera.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:54, on 24/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Opera\opera.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Auxilium\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_BE&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_BE&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_BE&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘SERVICE RÉSEAU’)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip..{4CF021D3-84CC-448D-BFA4-F3160FF38829}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip..{FA6F9211-2421-48C4-844F-CA7C991F274C}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip..{4CF021D3-84CC-448D-BFA4-F3160FF38829}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip..{4CF021D3-84CC-448D-BFA4-F3160FF38829}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 6531 bytes

I think I saw some suspicious things like wbengine, vds, ui0detect, locator.exe … but I'm not sure at all …


Hello

You don't say which OS you have; looking at the Hijack log, I would lean toward a 64-bit version of Windows.

In that case, Hijack is not recommended, precisely because it does not take 64-bit versions of Windows into account, hence the many "file missing" entries in the log.
So be careful not to delete anything with Hijack.

See you
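
Added example, not part of any post in this thread: a small Python triage of lines from the two logs above, separating entries a 32-bit scanner simply could not see on 64-bit Windows (System32 is redirected to SysWOW64 and `%PROGRAMFILES%` expands to `Program Files (x86)` for 32-bit processes) from entries that deserve a second look. The verdict labels and the last `O23` sample line are assumptions made for the illustration.

```python
import hashlib
import re

# MD5 of zero bytes: what a scanner reports when it hashed no file content.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

O23_RE = re.compile(
    r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
HUNTER_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \(\d+ bytes\) .*\((?P<md5>[0-9a-f]{32})\)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

# Lines copied from the logs in this thread; the final O23 line is constructed.
SAMPLE_LOG = r"""
Operating System: Windows 7 Home Premium 64-bit OS
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\System32\nvvsvc.exe (0 bytes) (NVIDIA Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Program Files (x86)\Opera\opera.exe (835952 bytes) (Opera Software) (15a4f7b74e9a7df486603a699de74c23)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ExampleDir\example.exe (file missing)
"""


def triage(log):
    """Map each recognised path to a verdict.

    'ok'       the scanner saw and read the file (says nothing about safety)
    'artifact' the scanner could not see or read it; recheck with a 64-bit tool
    'review'   reported missing with no redirection explanation
    """
    os64 = re.search(r"^Operating System: .*64-bit", log, re.M) is not None
    verdicts = {}
    for line in log.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            path = m["path"]
            redirected = SYSTEM32_RE.match(path) or (
                "%programfiles%" in line.lower()
                and "\\program files (x86)\\" in path.lower())
            if not m["missing"]:
                verdicts[path] = "ok"
            elif os64 and redirected:
                # 64-bit-only binary looked up through the 32-bit view.
                verdicts[path] = "artifact"
            else:
                verdicts[path] = "review"
            continue
        m = HUNTER_RE.match(line)
        if m:
            # Empty-input hash: the content was never read, so nothing was checked.
            verdicts[m["path"]] = "artifact" if m["md5"] == EMPTY_MD5 else "ok"
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:8} {path}")
```
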