Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 30-03-2025
Exécuté par david1010 (30-03-2025 19:29:14)
Exécuté depuis C:\Users\david1010\Desktop
Microsoft Windows 11 Professionnel Version 24H2 26100.3624 (X64) (2025-03-15 23:16:20)
Mode d'amorçage: Normal
==========================================================

==================== Comptes: =============================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

Administrateur (S-1-5-21-1095405843-3970974041-2742941896-500 - Administrator - Disabled)
david1010 (S-1-5-21-1095405843-3970974041-2742941896-1000 - Administrator - Enabled) => C:\Users\david1010
DefaultAccount (S-1-5-21-1095405843-3970974041-2742941896-503 - Limited - Disabled)
Invité (S-1-5-21-1095405843-3970974041-2742941896-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1095405843-3970974041-2742941896-504 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Pare-feu (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

7-Zip 24.09 (x64) (HKLM\...\7-Zip) (Version: 24.09 - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 7.02.13.148 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.134 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\{82C961AD-0D2D-4332-A8E2-930323200693}) (Version: 24.30.25062.1008 - Advanced Micro Devices, Inc.)
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.48 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.38.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.3.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{2716aa5a-0535-4e2a-af04-f4e5468df2f8}) (Version: 7.02.13.148 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.34 - Piriform)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
DefenderUI version 1.34 (HKLM\...\{D60974B4-94D2-4A22-A4B9-4C2E0E264B7B}_is1) (Version: 1.34 - VoodooSoft, LLC)
DriversCloud.com (HKLM\...\{F292F955-3014-4502-993B-CA32CE442FDE}) (Version: 12.0.26 - Cybelsoft)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.4.0.27683 - Foxit Software Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.93 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.93 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 fr) (HKLM\...\Mozilla Firefox 136.0.4 (x64 fr)) (Version: 136.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.1 - Mozilla)
NVIDIA Logiciel système PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
NVIDIA Pilote audio HD 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation)
NVIDIA Pilote graphique 572.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 572.83 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 5.0.4 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.74.1128.2024 - Realtek)
RyzenMasterSDK (HKLM\...\{BEFFB094-0535-4676-90B1-EB5DD9C0DEB0}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.3.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.92.0 - Winamp SA)
XnView (HKLM-x32\...\XnView_is1) (Version: 2.52.0 - Gougelet Pierre-e)

Packages:
=========
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2025-03-13] (Advanced Micro Devices Inc.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-03-16] (Microsoft Corp.)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-26] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-03-18] (NVIDIA Corp.)
Pack d’expérience de fonctionnalités Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-03-28] (Microsoft Windows)

==================== Personnalisé CLSID (Avec liste blanche): ==============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-1095405843-3970974041-2742941896-1000_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2025-03-21] (Pierre GOUGELET -> )
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_1aa51d77f496c662\nvshext.dll [2025-03-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [Fichier non signé]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> Pas de fichier

==================== Codecs (Avec liste blanche) ====================

==================== Raccourcis & WMI ========================

==================== Modules chargés (Avec liste blanche) =============

2025-03-13 20:16 - 2024-11-29 20:00 - 000101376 _____ (Igor Pavlov) [Fichier non signé] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Avec liste blanche) ========

==================== Mode sans échec (Avec liste blanche) ==================

==================== Association (Avec liste blanche) =================

==================== Internet Explorer (Avec liste blanche) =============

==================== Hosts contenu: =========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2022-05-07 07:24 - 2022-05-07 07:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Autres zones ===========================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-1095405843-3970974041-2742941896-1000\Control Panel\Desktop\\Wallpaper -> D:\Images\765130-Soccer-Juventus-F.C.-3D-Logo-2K.jpg
DNS Servers: 109.88.203.3 - 62.197.111.140
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

Network Binding:
=============
Wi-Fi: Realtek 8852BE Wireless LAN WiFi 6 PCI-E NIC -> rtwlane601.sys
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-1095405843-3970974041-2742941896-1000\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AE3A38FACBA03435EC77BFF04CE0E6B6"
HKU\S-1-5-21-1095405843-3970974041-2742941896-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1095405843-3970974041-2742941896-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1095405843-3970974041-2742941896-1000\...\StartupApproved\Run: => "AMDNoiseSuppression"

==================== RèglesPare-feu (Avec liste blanche) ================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [{0FD3923C-CD40-4374-81BC-FB26A15FB391}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{6481F71C-3429-4F6A-B9D6-E5542985F86F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{2DB7E4B5-2816-40F8-A809-FFB3F05830E9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Fichier non signé]
FirewallRules: [{4B308CF5-33C6-4405-9217-4692CC62F455}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Fichier non signé]
FirewallRules: [{CF37DA08-57EB-49FC-A7B6-A60D33BF0CA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7E424C3B-BDBF-4AE8-ABCC-43FFD2FCEF03}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E28CE213-40F8-4153-9DCA-1F68ECD2216C}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AABDF54-E19E-4298-A380-A45249015F38}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{89DD25EA-ACB2-4497-9F52-E769EDFD1245}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS0B09\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{BFBEA2B8-5254-49D0-9D01-C2D202D0F37D}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS15FD\HPEasyStart\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{7969C429-F0AE-485C-96CF-2036821C1AC2}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS12E0\HPEasyStart\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{9B222D8B-8F51-42C6-BE8E-CD5EC096CA7D}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS2BF4\HPEasyStart\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{6843293A-C9AF-4AB4-9F21-23631518FCE9}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS3371\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{A17E1813-3B63-4211-B2E1-573B5AC25054}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS612E\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{0569C7D1-68DB-4BA6-A11B-17449C48F71E}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS1D2D\HPEasyStart\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{416025A8-2F3E-40ED-864D-CAF03D1F50D3}] => (Allow) C:\Users\david1010\AppData\Local\Temp\7zS5230\HP.EasyStart.exe => Pas de fichier
FirewallRules: [{9FA87D40-A645-494A-8620-210E445C6B16}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A54A8993-AEDA-462E-92FC-A6E2939D7609}C:\users\david1010\documents\ratiomaster.net_0.43\ratiomaster.net.exe] => (Block) C:\users\david1010\documents\ratiomaster.net_0.43\ratiomaster.net.exe (Nikolay.IT) [Fichier non signé]
FirewallRules: [UDP Query User{6306A844-B1CC-44A4-AE06-794199383ACF}C:\users\david1010\documents\ratiomaster.net_0.43\ratiomaster.net.exe] => (Block) C:\users\david1010\documents\ratiomaster.net_0.43\ratiomaster.net.exe (Nikolay.IT) [Fichier non signé]
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B603981E-6FB0-487D-81B1-4CE6124AA8E3}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe (CYBELSOFT -> )
FirewallRules: [{526B2E6B-DA1A-4A1E-8779-74DE99993C2E}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe (CYBELSOFT -> )

==================== Points de restauration =========================

26-03-2025 04:13:07 Windows Update
28-03-2025 01:27:50 Programme d’installation pour les modules Windows
29-03-2025 14:55:24 windows 11
29-03-2025 14:56:19 Installed DriversCloud.com
29-03-2025 15:30:18 Removed DriversCloud.com
29-03-2025 21:18:12 Installed DriversCloud.com
30-03-2025 19:03:24 Removed DriversCloud.com
30-03-2025 19:12:25 Installed DriversCloud.com

==================== Éléments en erreur du Gestionnaire de périphériques ============

Name: Périphérique PCI
Description: Périphérique PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Erreurs du Journal des événements: ========================

Erreurs Application:
==================
Error: (03/29/2025 09:23:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours..

Error: (03/29/2025 09:23:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.]

Error: (03/29/2025 09:23:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours..

Error: (03/29/2025 09:23:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.]

Error: (03/29/2025 03:31:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.]

Error: (03/29/2025 03:31:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours..

Error: (03/29/2025 03:31:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours.]

Error: (03/29/2025 01:58:48 AM) (Source: CertEnroll) (EventID: 86) (User: AUTORITE NT)
Description: Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-VVSD8T5$ via https://AMD-KeyId-bc8eac10844f5c7ebfe8bac2ceb50e8cdf34ef88.microsoftaik.azure.net/templates/Aik/scep :
GetCACaps
Méthode : GET(16ms)
Étape : GetCACaps
L’adresse ou le nom de serveur n’a pas pu être résolu 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Erreurs système:
=============
Error: (03/30/2025 07:12:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Le service DriversCloud Agent est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Error: (03/30/2025 07:01:31 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORITE NT)
Description: La mise à jour de Secure Boot a échoué à mettre à jour une variable Secure Boot avec l'erreur (-2147020471 = Le démarrage sécurisé n’est pas activé sur cet ordinateur.). Pour plus d'informations, veuillez consulter https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/30/2025 01:03:54 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORITE NT)
Description: La mise à jour de Secure Boot a échoué à mettre à jour une variable Secure Boot avec l'erreur (-2147020471 = Le démarrage sécurisé n’est pas activé sur cet ordinateur.). Pour plus d'informations, veuillez consulter https://go.microsoft.com/fwlink/?linkid=2169931

Error: (03/29/2025 09:23:22 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: AUTORITE NT)
Description: Device Association Service a détecté un échec de découverte de point de terminaison.

Error: (03/29/2025 09:23:22 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: AUTORITE NT)
Description: Device Association Service a détecté un échec de découverte de point de terminaison.

Error: (03/29/2025 09:23:22 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: AUTORITE NT)
Description: Device Association Service a détecté un échec de découverte de point de terminaison.

Error: (03/29/2025 09:23:22 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: AUTORITE NT)
Description: Device Association Service a détecté un échec de découverte de point de terminaison.

Error: (03/29/2025 09:23:22 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: AUTORITE NT)
Description: Device Association Service a détecté un échec de découverte de point de terminaison.

Windows Defender:
================
Date: 2025-03-26 04:06:06
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
Severity: Severe
Category: Trojan
Path: containerfile:_D:\formatage\P2P.rar; file:_D:\formatage\P2P.rar->Windows 10 Digital License C# v3.1 Multilingual.rar->DigitalLicense.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.425.248.0, AS: 1.425.248.0, NIS: 1.425.248.0
Engine Version: AM: 1.1.25020.1007, NIS: 1.1.25020.1007

Date: 2025-03-26 04:05:42
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
Severity: Severe
Category: Trojan
Path: containerfile:_D:\formatage\P2P.rar; file:_D:\formatage\P2P.rar->Windows 10 Digital License C# v3.1 Multilingual.rar->DigitalLicense.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.425.248.0, AS: 1.425.248.0, NIS: 1.425.248.0
Engine Version: AM: 1.1.25020.1007, NIS: 1.1.25020.1007

Date: 2025-03-26 04:05:42
Description: Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Name: PUA:Win32/Presenoker
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_D:\formatage\P2P.rar; file:_D:\formatage\P2P.rar->KMS_VL_ALL-SppExtComObjPatcher-kms-26.rar->KMS_VL_ALL-SppExtComObjPatcher-kms-26\$OEM$\$$\Setup\Scripts\Win32\SppExtComObjHook.dll; file:_D:\formatage\P2P.rar->KMS_VL_ALL-SppExtComObjPatcher-kms-26.rar->KMS_VL_ALL-SppExtComObjPatcher-kms-26\Win32\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.425.248.0, AS: 1.425.248.0, NIS: 1.425.248.0
Engine Version: AM: 1.1.25020.1007, NIS: 1.1.25020.1007

Date: 2025-03-26 04:04:59
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKms!pz&threatid=2147890692&enterprise=0
Name: HackTool:MSIL/AutoKms!pz
Severity: High
Category: Tool
Path: containerfile:_D:\formatage\P2P.rar; file:_D:\formatage\P2P.rar->KMSpico v10.2.0 (autre version Nova-s) carrément meilleur !!.rar->KMSpico v10.2.0 (autre version Nova-s)\KMSpico.exe->(7zSfx)->AutoPico.exe->[b64mz]->(Base64); file:_D:\formatage\P2P.rar->KMSpico v10.2.0 (autre version Nova-s) carrément meilleur !!.rar->KMSpico v10.2.0 (autre version Nova-s)\KMSpico.exe->(7zSfx)->AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x64.exe]; file:_D:\formatage\P2P.rar->KMSpico v10.2.0 (autre version Nova-s) carrément meilleur !!.rar->KMSpico v10.2.0 (autre version Nova-s)\KMSpico.exe->(7zSfx)->AutoPico.exe->[MSILRES:AutoPico.SECOH-QAD.x86.exe]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.425.248.0, AS: 1.425.248.0, NIS: 1.425.248.0
Engine Version: AM: 1.1.25020.1007, NIS: 1.1.25020.1007

Date: 2025-03-26 04:04:59
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS.I!MTB&threatid=2147743522&enterprise=0
Name: HackTool:MSIL/AutoKMS.I!MTB
Severity: High
Category: Tool
Path: containerfile:_D:\formatage\P2P.rar; file:_D:\formatage\P2P.rar->KMSAuto Lite v1.4.2 Multilangues Portable.rar->KMSAuto Lite Portable v1.4.2\KMSAuto.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.425.248.0, AS: 1.425.248.0, NIS: 1.425.248.0
Engine Version: AM: 1.1.25020.1007, NIS: 1.1.25020.1007

Event[0]
Date: 2025-03-25 19:54:49
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: Ce service ne peut pas être démarré en mode sans échec
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2025-03-18 23:11:32
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: Ce service ne peut pas être démarré en mode sans échec
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2025-03-29 02:55:49
Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume5\Users\david1010\AppData\Local\Temp\cpuz138\cpuz138_x64.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2025-03-29 02:55:49
Description: The driver \Device\HarddiskVolume5\Users\david1010\AppData\Local\Temp\cpuz138\cpuz138_x64.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2025-03-25 19:54:53
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-03-25 19:53:38
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Infos Mémoire ===========================

BIOS: American Megatrends Inc. 3035 09/05/2024
Carte mère: ASUSTeK COMPUTER INC. TUF GAMING B650-PLUS WIFI
Processeur: AMD Ryzen 5 7600X 6-Core Processor
Pourcentage de mémoire utilisée: 15%
Mémoire physique - RAM - totale: 32400.09 MB
Mémoire physique - RAM - disponible: 27397.67 MB
Mémoire virtuelle totale: 34448.09 MB
Mémoire virtuelle disponible: 27987.11 MB

==================== Lecteurs ================================

Drive c: () (Fixed) (Total:930.06 GB) (Free:835.41 GB) (Model: Samsung SSD 870 QVO 1TB) NTFS
Drive d: (Nouveau nom) (Fixed) (Total:1862.89 GB) (Free:628.61 GB) (Model: WDC WD20EZRZ-00Z5HB0) NTFS

\\?\Volume{112b2416-02ff-4c72-b381-f91b3d1b78ae}\ () (Fixed) (Total:0.69 GB) (Free:0.11 GB) NTFS
\\?\Volume{2889d796-7c6e-42a7-82c0-3fe688e3e0d9}\ () (Fixed) (Total:0.64 GB) (Free:0.06 GB) NTFS
\\?\Volume{f0d06197-22f0-414f-9baf-fdf226cba993}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Table des partitions ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fin de Addition.txt =======================