Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Win32.Palevo removal

  1. #1
    Junior Member
    Join Date
    Jan 2015
    Posts
    5

    Default Win32.Palevo removal

    Hello dear helpers.

    My computer has been infected for one week. These are the symptoms I've noticed :
    - each time I boot my PC, once I get to the desktop, I have my CPU fully used (100%) because of a process svchost.exe. It is the main reason why I've noticed this infection.
    - after running Malwarebytes Anti-Malware, it finds the suspect file C:\Windows\Temp\svchost.exe. So does Spybot, talking about the Trojan Win32.Palevo.
    - I've tried their "fix" solution. But at the next boot the problem still occurs and the file is still detected by both softwares.

    I tried to perform a system restore 5 days ago (even if it is highly inadvisable as I saw after that on this forum). Obviously it failled as today my friend the Trojan came back (after 5 days of disappearance).

    I even received an e-mail from Electronic Arts (not a Phishing one) asking me if I tried to change my password (I didn't). During the time I was infected, I connected to Origin (EA Steam-like) platform. I don't know if it is connected to the infection.

    I have a second PC, safe. I disconnected the infected one from the Internet.

    That to say : I am not serene at all ! I come here to seek help and I would be grateful to anyone who can provide me some !

    Here is my Farbar Log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Hugo (administrator) on HUGO-PC1 on 22-01-2015 18:58:33
    Running from E:\Téléchargements
    Loaded Profiles: Hugo (Available profiles: Hugo)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    () C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Microsoft Corporation) C:\Windows\System32\schtasks.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe
    (Acronis) E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403576 2012-06-28] (Acronis)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [SDTray] => E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe [5992664 2012-06-28] (Acronis)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] => E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe [1173168 2012-06-28] (Acronis)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
    HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
    HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe [10240 2013-11-13] (GIGA-BYTE TECHNOLOGY CO., LTD.)
    HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {9bca92a2-40af-11e4-8add-74d4358b120f} - G:\setup.exe
    HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {bec64cae-0f84-11e4-a6ba-806e6f6e6963} - D:\Run.exe
    Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk
    ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * auto_reactivate \\?\Volume{f54c9b85-0f56-11e4-90b0-98fe1458e9cc}\bootwiz\asrm.bin

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\sg7falkp.default-1410699454320
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programmes\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1917996100-3480441381-1216732928-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
    R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Jeux\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
    R2 SDScannerService; E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-20] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
    R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
    R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
    R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
    S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-22 18:58 - 2015-01-22 18:58 - 00000000 ____D () C:\FRST
    2015-01-22 18:57 - 2015-01-22 18:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUGO-PC1-Microsoft-Windows*7-Édition-Familiale-Premium-(64-bit).dat
    2015-01-22 18:57 - 2015-01-22 18:57 - 00000000 ____D () C:\RegBackup
    2015-01-22 18:56 - 2015-01-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-22 18:55 - 2015-01-22 18:54 - 04215584 _____ () C:\Users\Hugo\Desktop\tweaking.com_registry_backup_setup.exe
    2015-01-22 18:43 - 2015-01-22 18:46 - 00000656 _____ () C:\Windows\PFRO.log
    2015-01-22 17:52 - 2015-01-22 18:46 - 00000504 _____ () C:\Windows\setupact.log
    2015-01-22 17:52 - 2015-01-22 17:52 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-20 18:11 - 2015-01-20 18:11 - 00000000 ____D () C:\Users\Hugo\AppData\Local\ESS
    2015-01-20 18:10 - 2015-01-20 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Subtitle Synchronizer
    2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    2015-01-17 14:26 - 2015-01-17 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-17 12:27 - 2015-01-22 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-17 12:27 - 2015-01-17 12:36 - 00000000 ____D () C:\AdwCleaner
    2015-01-17 12:27 - 2015-01-17 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-17 12:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-17 12:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-17 12:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-17 12:03 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-01-17 12:03 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-01-17 12:03 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-01-17 12:03 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-01-17 12:03 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-01-17 12:03 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-01-17 12:03 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
    2015-01-17 12:02 - 2015-01-17 12:03 - 00000625 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
    2015-01-17 12:00 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-17 12:00 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-17 12:00 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-17 12:00 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-17 12:00 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-17 12:00 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-17 12:00 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-17 12:00 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-17 12:00 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-17 12:00 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-17 12:00 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-17 12:00 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-17 12:00 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-17 11:53 - 2014-11-01 17:03 - 00450773 _____ () C:\Windows\system32\Drivers\etc\hosts.20150117-115342.backup
    2015-01-17 11:48 - 2015-01-22 18:47 - 00007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
    2015-01-10 14:26 - 2015-01-10 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare
    2015-01-07 18:33 - 2015-01-07 18:33 - 00000000 ____D () C:\Users\Hugo\Documents\WB Games
    2015-01-07 18:08 - 2015-01-07 18:08 - 00003116 _____ () C:\Windows\System32\Tasks\Origin
    2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-22 18:54 - 2014-07-19 21:45 - 01755932 _____ () C:\Windows\WindowsUpdate.log
    2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 18:52 - 2011-04-12 10:16 - 00749134 _____ () C:\Windows\system32\perfh00C.dat
    2015-01-22 18:52 - 2011-04-12 10:16 - 00150898 _____ () C:\Windows\system32\perfc00C.dat
    2015-01-22 18:52 - 2009-07-14 06:13 - 01674622 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-22 18:47 - 2014-07-19 17:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2015-01-22 18:46 - 2014-09-20 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-01-22 18:46 - 2014-07-19 16:55 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-22 18:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-22 18:42 - 2014-07-20 18:17 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-22 18:32 - 2014-07-19 16:55 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-22 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
    2015-01-22 18:11 - 2014-07-19 17:51 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Battle.net
    2015-01-21 19:18 - 2014-08-04 13:09 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\uTorrent
    2015-01-21 19:01 - 2014-07-24 21:56 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\vlc
    2015-01-20 21:36 - 2014-07-19 15:52 - 00000000 ____D () C:\Users\Hugo
    2015-01-20 18:22 - 2014-07-19 16:44 - 00000000 ___RD () C:\Users\Hugo\Desktop\Utilitaires
    2015-01-19 18:59 - 2014-08-28 21:00 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Skyrim
    2015-01-19 18:37 - 2014-09-01 17:43 - 00000726 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2015-01-18 00:58 - 2014-07-21 18:21 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-18 00:57 - 2014-07-21 18:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-17 20:27 - 2014-07-24 18:34 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Notepad++
    2015-01-17 16:08 - 2014-07-19 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-17 12:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-01-17 12:04 - 2014-09-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-01-17 12:02 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-01-17 11:50 - 2014-09-20 19:44 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\DAEMON Tools Lite
    2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-01-07 18:08 - 2014-07-20 18:19 - 00000000 ___HD () C:\Users\Hugo\AppData\Roaming\Origin

    ==================== Files in the root of some directories =======
    2014-12-07 18:53 - 2014-12-07 18:54 - 0000154 _____ () C:\Users\Hugo\AppData\Roaming\settings.xml
    2014-09-14 14:42 - 2014-11-11 17:42 - 0000098 _____ () C:\Users\Hugo\AppData\Roaming\WB.CFG
    2014-10-19 13:49 - 2014-10-19 13:49 - 0000000 ___SH () C:\Users\Hugo\AppData\Local\LumaEmu
    2015-01-17 11:48 - 2015-01-22 18:47 - 0007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
    2014-07-26 20:30 - 2014-07-26 20:30 - 0000057 _____ () C:\ProgramData\Ament.ini
    2014-07-19 17:00 - 2014-07-19 17:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\Hugo\AppData\Roaming\Origin\update.vbe


    Some content of TEMP:
    ====================
    C:\Users\Hugo\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-17 13:34

    ==================== End Of Log ============================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @BIOS B13.1112.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
    @BIOS B13.1112.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
    µTorrent (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1599C24-DD22-4CFC-9790-A3015831CEF7}Visible) (Version: 15.0.7133 - Acronis)
    Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
    APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
    APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
    Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
    Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
    Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 - GIGABYTE)
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Dropbox (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
    Easy Subtitles Synchronizer (HKLM-x32\...\{A35461B1-DFFD-48AE-A672-3C96A08B6A96}) (Version: 1.1.0 - ESS)
    EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
    EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
    EZSetupN B13.1114.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
    EZSetupN B13.1114.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
    Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Logiciel de base du périphérique HP Deskjet 2050 J510 series (HKLM\...\{B7F83103-C83C-4081-B9B7-50FC6A6F929E}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
    Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office «*Démarrer en un clic*» 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - Français (HKLM-x32\...\{90140011-0066-040C-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mises à jour NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
    Mozilla Firefox 35.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 fr)) (Version: 35.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
    Mozilla Thunderbird 24.6.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 fr)) (Version: 24.6.0 - Mozilla)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
    NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
    NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    NVIDIA Pilote 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA Pilote audio HD : 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA Pilote du contrôleur 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA Pilote graphique 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
    Panneau de configuration NVIDIA 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
    Smart Recovery 2 B13.1007.1 (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
    Smart TimeLock B13.0910.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
    Smart TimeLock B13.0910.1 (x32 Version: 1.00.0001 - GIGABYTE) Hidden
    Spesoft Free CD Ripper Version 4.2 (HKLM-x32\...\Spesoft Free CD Ripper_is1) (Version: - Spesoft)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    17-01-2015 13:41:21 Point de contrôle planifié
    18-01-2015 00:57:35 Windows Update
    20-01-2015 18:09:58 Installed Easy Subtitles Synchronizer
    21-01-2015 18:59:50 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-01-17 12:40 - 2015-01-17 12:40 - 00450838 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost_Hugo_PC1
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {57DFFA5E-9035-4DE6-AFE6-915567128FAB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {7C081326-B4D8-479A-9453-AB4ECFF18E0D} - System32\Tasks\CCleanerSkipUAC => E:\Programmes\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {9E1D045F-AC5D-4671-8DD7-27724988E6C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
    Task: {B76F86B2-67F8-4836-B543-DFDB426A1B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {B930DC67-EB09-4809-99F6-1C3236241F6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Hugo\AppData\Roaming\Notepad++\googleupd.exe <==== ATTENTION
    Task: {DC6EFE7C-CC4F-4C79-841F-0C78A020CCA7} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-20 15:10 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
    2014-07-19 17:08 - 2014-07-19 17:08 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
    2012-06-28 18:28 - 2012-06-28 18:28 - 02023296 _____ () E:\Programmes\Acronis\TrueImageHome\x64\versions_view.dll
    2014-11-20 17:27 - 2014-11-20 17:27 - 01243968 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
    2014-07-19 16:59 - 2013-09-13 17:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
    2014-07-20 10:54 - 2014-04-25 13:11 - 00109400 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-07-20 10:54 - 2014-04-25 13:11 - 00416600 _____ () E:\Programmes\Spybot - Search & Destroy 2\DEC150.bpl
    2014-07-20 10:54 - 2014-04-25 13:11 - 00167768 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-07-20 10:54 - 2012-08-23 09:38 - 00574840 _____ () E:\Programmes\Spybot - Search & Destroy 2\sqlite3.dll
    2014-07-20 10:54 - 2012-04-03 16:06 - 00565640 _____ () E:\Programmes\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
    2014-07-19 18:01 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
    2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
    2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
    2012-06-28 18:24 - 2012-06-28 18:24 - 13002712 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
    2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2014-07-19 16:57 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-17 14:26 - 2015-01-17 14:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2012-06-28 16:34 - 2012-06-28 16:34 - 00018816 _____ () E:\Programmes\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programmes\DAEMON Tools Lite\DTLite.exe" -autorun

    ========================= Accounts: ==========================

    Administrateur (S-1-5-21-1917996100-3480441381-1216732928-500 - Administrator - Disabled)
    HomeGroupUser$ (S-1-5-21-1917996100-3480441381-1216732928-1002 - Limited - Enabled)
    Hugo (S-1-5-21-1917996100-3480441381-1216732928-1000 - Administrator - Enabled) => C:\Users\Hugo
    Invité (S-1-5-21-1917996100-3480441381-1216732928-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
    .

    Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
    .

    Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
    .

    Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
    UsbCharger

    Error: (01/22/2015 06:46:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/22/2015 06:43:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
    UsbCharger

    Error: (01/22/2015 06:43:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.


    Microsoft Office Sessions:
    =========================
    Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

    Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

    Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

    Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    Percentage of memory in use: 31%
    Total physical RAM: 8060.55 MB
    Available physical RAM: 5498.09 MB
    Total Pagefile: 16119.29 MB
    Available Pagefile: 13102.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (Main) (Fixed) (Total:232.79 GB) (Free:48.66 GB) NTFS
    Drive e: (Stock) (Fixed) (Total:631.5 GB) (Free:604.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6D97C51)
    Partition 1: (Active) - (Size=631.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=300 GB) - (Type=05)

    ========================================================
    Disk: 1 (Size: 232.9 GB) (Disk ID: B2A0C038)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    My aswMBR Log

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-01-22 18:59:50
    -----------------------------
    18:59:50.501 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:59:50.501 Number of processors: 4 586 0x3C03
    18:59:50.502 ComputerName: HUGO-PC1 UserName: Hugo
    18:59:50.787 Initialize success
    18:59:50.817 VM: initialized successfully
    18:59:50.818 VM: Intel CPU supported
    19:00:04.586 VM: disk I/O iaStorA.sys
    19:00:22.662 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006c
    19:00:22.665 Disk 0 Vendor: ST1000DM CC47 Size: 953869MB BusType: 11
    19:00:22.667 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006d
    19:00:22.669 Disk 1 Vendor: Samsung_ EXT0 Size: 238475MB BusType: 11
    19:00:22.678 Disk 1 MBR read successfully
    19:00:22.680 Disk 1 MBR scan
    19:00:22.682 Disk 1 unknown MBR code
    19:00:22.685 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    19:00:22.688 Disk 1 default boot code
    19:00:22.691 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    19:00:22.700 Disk 1 scanning C:\Windows\system32\drivers
    19:00:23.776 Service scanning
    19:00:24.726 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
    19:00:26.059 Modules scanning
    19:00:26.063 Disk 1 trace - called modules:
    19:00:26.068 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    19:00:26.072 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009fb5060]
    19:00:26.076 3 CLASSPNP.SYS[fffff88001dca43f] -> nt!IofCallDriver -> [0xfffffa8009ecbb30]
    19:00:26.079 5 vsflt67.sys[fffff88000ec67cd] -> nt!IofCallDriver -> [0xfffffa8009eca8a0]
    19:00:26.082 7 iaStorF.sys[fffff88001feda84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8009daa060]
    19:00:26.086 Disk 1 statistics 115140/0/0 @ 83,66 MB/s
    19:00:26.089 Scan finished successfully
    19:00:41.778 Disk 1 MBR has been saved successfully to "E:\Téléchargements\MBR.dat"
    19:00:41.794 The log file has been saved successfully to "E:\Téléchargements\aswMBR.txt"


    Thank you in advance for your help !
    Last edited by tashi; 2015-01-23 at 16:13. Reason: Hid second post, helpers look for a zero response. ;-)

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hi

    P2P Warning

    ------------------------------
    I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall.

    If you choose not to, please refrain from using the programme(s) during this process.


    ***************************************************************

    Running from E:\Téléchargements --> translate to downloads?

    We need to move Farbar Recovery Scan Tool to desktop

    Please go to your downloads folder, locate Farbar Recovery Scan Tool. Right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.
    ~~


    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




    start
    CloseProcesses:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    C:\Users\Hugo\AppData\Roaming\Origin\update.vbe
    C:\Users\Hugo\AppData\Local\Temp\avgnt.exe
    Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
    C:\Windows\Temp\svchost.exe
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~
    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2015
    Posts
    5

    Default

    Hi Juliet,

    Thank you for your answer. Indeed "Téléchargements" means Downloads in french.

    I performed your actions list. These are the logs :

    My Fixlog

    My protection software unfortunatly showed up at the end of the fix. However, after the reboot, no svchost.exe consumming all my CPU resources.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by Hugo at 2015-01-23 19:49:47 Run:1
    Running from C:\Users\Hugo\Desktop
    Loaded Profiles: Hugo (Available profiles: Hugo)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    C:\Users\Hugo\AppData\Roaming\Origin\update.vbe
    C:\Users\Hugo\AppData\Local\Temp\avgnt.exe
    Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
    C:\Windows\Temp\svchost.exe
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    C:\Users\Hugo\AppData\Roaming\Origin\update.vbe => Moved successfully.
    C:\Users\Hugo\AppData\Local\Temp\avgnt.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A71B5AFD-432E-40D8-BDDF-CCC0727F078E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71B5AFD-432E-40D8-BDDF-CCC0727F078E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Origin => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
    C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
    C:\Windows\Temp\svchost.exe => Moved successfully.
    "C:\Windows\System32\Drivers\etc\hosts" => Could not move.
    Could not reset Hosts.
    EmptyTemp: => Removed 481.6 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:49:56 ====

    My AdwCleaner log

    AdwCleaner found nothing.

    My Junkware Removal Tool log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Hugo on 23/01/2015 at 19:57:13,39
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_FULL_S-DC82AF40.pf
    Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARSTANDALONESETUP_-4BF5EE5A.pf
    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Hugo\AppData\Roaming\mozilla\firefox\profiles\sg7falkp.default-1410699454320\minidumps [12 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/01/2015 at 19:59:10,38
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Good deal!

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Dections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    Please post these 2 logs.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Jan 2015
    Posts
    5

    Default

    My Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23/01/2015
    Scan Time: 22:29:51
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.23.10
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Hugo

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 330724
    Time Elapsed: 4 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    My ESET_log

    C:\FRST\Quarantine\C\Windows\Temp\svchost.exe.xBAD Win64/CoinMiner.J trojan

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    C:\FRST\Quarantine\C\Windows\Temp\svchost.exe.xBAD Win64/CoinMiner.J trojan
    The above will be removed when we finish.

    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Jan 2015
    Posts
    5

    Default

    My computer is running just fine !

    Thank you for this. Great job .

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    DelFix
    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
      • Reset system settings

    • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~~~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secuina PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Jan 2015
    Posts
    5

    Default

    Done.

    Once again thank you.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We're glad to help
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •