-
Win32.Palevo removal
Hello dear helpers.
My computer has been infected for one week. These are the symptoms I've noticed :
- each time I boot my PC, once I get to the desktop, I have my CPU fully used (100%) because of a process svchost.exe. It is the main reason why I've noticed this infection.
- after running Malwarebytes Anti-Malware, it finds the suspect file C:\Windows\Temp\svchost.exe. So does Spybot, talking about the Trojan Win32.Palevo.
- I've tried their "fix" solution. But at the next boot the problem still occurs and the file is still detected by both softwares.
I tried to perform a system restore 5 days ago (even if it is highly inadvisable as I saw after that on this forum). Obviously it failled as today my friend the Trojan came back (after 5 days of disappearance).
I even received an e-mail from Electronic Arts (not a Phishing one) asking me if I tried to change my password (I didn't). During the time I was infected, I connected to Origin (EA Steam-like) platform. I don't know if it is connected to the infection.
I have a second PC, safe. I disconnected the infected one from the Internet.
That to say : I am not serene at all ! I come here to seek help and I would be grateful to anyone who can provide me some ! 
Here is my Farbar Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Hugo (administrator) on HUGO-PC1 on 22-01-2015 18:58:33
Running from E:\Téléchargements
Loaded Profiles: Hugo (Available profiles: Hugo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe
(Acronis) E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403576 2012-06-28] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe [5992664 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe [1173168 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe [10240 2013-11-13] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {9bca92a2-40af-11e4-8add-74d4358b120f} - G:\setup.exe
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {bec64cae-0f84-11e4-a6ba-806e6f6e6963} - D:\Run.exe
Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{f54c9b85-0f56-11e4-90b0-98fe1458e9cc}\bootwiz\asrm.bin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\sg7falkp.default-1410699454320
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programmes\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1917996100-3480441381-1216732928-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Jeux\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 SDScannerService; E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-20] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-22 18:58 - 2015-01-22 18:58 - 00000000 ____D () C:\FRST
2015-01-22 18:57 - 2015-01-22 18:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUGO-PC1-Microsoft-Windows*7-Édition-Familiale-Premium-(64-bit).dat
2015-01-22 18:57 - 2015-01-22 18:57 - 00000000 ____D () C:\RegBackup
2015-01-22 18:56 - 2015-01-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-22 18:55 - 2015-01-22 18:54 - 04215584 _____ () C:\Users\Hugo\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-22 18:43 - 2015-01-22 18:46 - 00000656 _____ () C:\Windows\PFRO.log
2015-01-22 17:52 - 2015-01-22 18:46 - 00000504 _____ () C:\Windows\setupact.log
2015-01-22 17:52 - 2015-01-22 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 18:11 - 2015-01-20 18:11 - 00000000 ____D () C:\Users\Hugo\AppData\Local\ESS
2015-01-20 18:10 - 2015-01-20 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Subtitle Synchronizer
2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-17 14:26 - 2015-01-17 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 12:27 - 2015-01-22 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 12:27 - 2015-01-17 12:36 - 00000000 ____D () C:\AdwCleaner
2015-01-17 12:27 - 2015-01-17 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 12:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 12:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 12:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 12:03 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-17 12:03 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-17 12:03 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-17 12:03 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-17 12:03 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-17 12:03 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-17 12:02 - 2015-01-17 12:03 - 00000625 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-01-17 12:00 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 12:00 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 12:00 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 12:00 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 12:00 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 12:00 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 12:00 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 12:00 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 12:00 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 12:00 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 12:00 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 12:00 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 12:00 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 11:53 - 2014-11-01 17:03 - 00450773 _____ () C:\Windows\system32\Drivers\etc\hosts.20150117-115342.backup
2015-01-17 11:48 - 2015-01-22 18:47 - 00007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
2015-01-10 14:26 - 2015-01-10 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare
2015-01-07 18:33 - 2015-01-07 18:33 - 00000000 ____D () C:\Users\Hugo\Documents\WB Games
2015-01-07 18:08 - 2015-01-07 18:08 - 00003116 _____ () C:\Windows\System32\Tasks\Origin
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-22 18:54 - 2014-07-19 21:45 - 01755932 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 18:52 - 2011-04-12 10:16 - 00749134 _____ () C:\Windows\system32\perfh00C.dat
2015-01-22 18:52 - 2011-04-12 10:16 - 00150898 _____ () C:\Windows\system32\perfc00C.dat
2015-01-22 18:52 - 2009-07-14 06:13 - 01674622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 18:47 - 2014-07-19 17:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-01-22 18:46 - 2014-09-20 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-22 18:46 - 2014-07-19 16:55 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 18:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 18:42 - 2014-07-20 18:17 - 00000000 ____D () C:\ProgramData\Origin
2015-01-22 18:32 - 2014-07-19 16:55 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-22 18:11 - 2014-07-19 17:51 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Battle.net
2015-01-21 19:18 - 2014-08-04 13:09 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\uTorrent
2015-01-21 19:01 - 2014-07-24 21:56 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\vlc
2015-01-20 21:36 - 2014-07-19 15:52 - 00000000 ____D () C:\Users\Hugo
2015-01-20 18:22 - 2014-07-19 16:44 - 00000000 ___RD () C:\Users\Hugo\Desktop\Utilitaires
2015-01-19 18:59 - 2014-08-28 21:00 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Skyrim
2015-01-19 18:37 - 2014-09-01 17:43 - 00000726 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-18 00:58 - 2014-07-21 18:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 00:57 - 2014-07-21 18:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 20:27 - 2014-07-24 18:34 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Notepad++
2015-01-17 16:08 - 2014-07-19 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 12:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-17 12:04 - 2014-09-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-17 12:02 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 11:50 - 2014-09-20 19:44 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\DAEMON Tools Lite
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 18:08 - 2014-07-20 18:19 - 00000000 ___HD () C:\Users\Hugo\AppData\Roaming\Origin
==================== Files in the root of some directories =======
2014-12-07 18:53 - 2014-12-07 18:54 - 0000154 _____ () C:\Users\Hugo\AppData\Roaming\settings.xml
2014-09-14 14:42 - 2014-11-11 17:42 - 0000098 _____ () C:\Users\Hugo\AppData\Roaming\WB.CFG
2014-10-19 13:49 - 2014-10-19 13:49 - 0000000 ___SH () C:\Users\Hugo\AppData\Local\LumaEmu
2015-01-17 11:48 - 2015-01-22 18:47 - 0007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
2014-07-26 20:30 - 2014-07-26 20:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-19 17:00 - 2014-07-19 17:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\Hugo\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\Hugo\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-17 13:34
==================== End Of Log ============================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS B13.1112.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.1112.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
µTorrent (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1599C24-DD22-4CFC-9790-A3015831CEF7}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 - GIGABYTE)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Easy Subtitles Synchronizer (HKLM-x32\...\{A35461B1-DFFD-48AE-A672-3C96A08B6A96}) (Version: 1.1.0 - ESS)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
EZSetupN B13.1114.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.1114.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Logiciel de base du périphérique HP Deskjet 2050 J510 series (HKLM\...\{B7F83103-C83C-4081-B9B7-50FC6A6F929E}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office «*Démarrer en un clic*» 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Français (HKLM-x32\...\{90140011-0066-040C-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mises à jour NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
Mozilla Firefox 35.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 fr)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 fr)) (Version: 24.6.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Pilote graphique 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Panneau de configuration NVIDIA 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Smart Recovery 2 B13.1007.1 (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0910.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0910.1 (x32 Version: 1.00.0001 - GIGABYTE) Hidden
Spesoft Free CD Ripper Version 4.2 (HKLM-x32\...\Spesoft Free CD Ripper_is1) (Version: - Spesoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
17-01-2015 13:41:21 Point de contrôle planifié
18-01-2015 00:57:35 Windows Update
20-01-2015 18:09:58 Installed Easy Subtitles Synchronizer
21-01-2015 18:59:50 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-01-17 12:40 - 2015-01-17 12:40 - 00450838 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost_Hugo_PC1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {57DFFA5E-9035-4DE6-AFE6-915567128FAB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7C081326-B4D8-479A-9453-AB4ECFF18E0D} - System32\Tasks\CCleanerSkipUAC => E:\Programmes\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {9E1D045F-AC5D-4671-8DD7-27724988E6C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
Task: {B76F86B2-67F8-4836-B543-DFDB426A1B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {B930DC67-EB09-4809-99F6-1C3236241F6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Hugo\AppData\Roaming\Notepad++\googleupd.exe <==== ATTENTION
Task: {DC6EFE7C-CC4F-4C79-841F-0C78A020CCA7} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-20 15:10 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2014-07-19 17:08 - 2014-07-19 17:08 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2012-06-28 18:28 - 2012-06-28 18:28 - 02023296 _____ () E:\Programmes\Acronis\TrueImageHome\x64\versions_view.dll
2014-11-20 17:27 - 2014-11-20 17:27 - 01243968 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2014-07-19 16:59 - 2013-09-13 17:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
2014-07-20 10:54 - 2014-04-25 13:11 - 00109400 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-20 10:54 - 2014-04-25 13:11 - 00416600 _____ () E:\Programmes\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-20 10:54 - 2014-04-25 13:11 - 00167768 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-20 10:54 - 2012-08-23 09:38 - 00574840 _____ () E:\Programmes\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-20 10:54 - 2012-04-03 16:06 - 00565640 _____ () E:\Programmes\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-07-19 18:01 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2012-06-28 18:24 - 2012-06-28 18:24 - 13002712 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-07-19 16:57 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-17 14:26 - 2015-01-17 14:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-06-28 16:34 - 2012-06-28 16:34 - 00018816 _____ () E:\Programmes\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programmes\DAEMON Tools Lite\DTLite.exe" -autorun
========================= Accounts: ==========================
Administrateur (S-1-5-21-1917996100-3480441381-1216732928-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1917996100-3480441381-1216732928-1002 - Limited - Enabled)
Hugo (S-1-5-21-1917996100-3480441381-1216732928-1000 - Administrator - Enabled) => C:\Users\Hugo
Invité (S-1-5-21-1917996100-3480441381-1216732928-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.
Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.
Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.
Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
UsbCharger
Error: (01/22/2015 06:46:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (01/22/2015 06:43:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
UsbCharger
Error: (01/22/2015 06:43:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Microsoft Office Sessions:
=========================
Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.
Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.
Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.
Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8060.55 MB
Available physical RAM: 5498.09 MB
Total Pagefile: 16119.29 MB
Available Pagefile: 13102.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Main) (Fixed) (Total:232.79 GB) (Free:48.66 GB) NTFS
Drive e: (Stock) (Fixed) (Total:631.5 GB) (Free:604.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6D97C51)
Partition 1: (Active) - (Size=631.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=05)
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: B2A0C038)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
My aswMBR Log
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-22 18:59:50
-----------------------------
18:59:50.501 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:50.501 Number of processors: 4 586 0x3C03
18:59:50.502 ComputerName: HUGO-PC1 UserName: Hugo
18:59:50.787 Initialize success
18:59:50.817 VM: initialized successfully
18:59:50.818 VM: Intel CPU supported
19:00:04.586 VM: disk I/O iaStorA.sys
19:00:22.662 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006c
19:00:22.665 Disk 0 Vendor: ST1000DM CC47 Size: 953869MB BusType: 11
19:00:22.667 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006d
19:00:22.669 Disk 1 Vendor: Samsung_ EXT0 Size: 238475MB BusType: 11
19:00:22.678 Disk 1 MBR read successfully
19:00:22.680 Disk 1 MBR scan
19:00:22.682 Disk 1 unknown MBR code
19:00:22.685 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:00:22.688 Disk 1 default boot code
19:00:22.691 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
19:00:22.700 Disk 1 scanning C:\Windows\system32\drivers
19:00:23.776 Service scanning
19:00:24.726 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
19:00:26.059 Modules scanning
19:00:26.063 Disk 1 trace - called modules:
19:00:26.068 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
19:00:26.072 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009fb5060]
19:00:26.076 3 CLASSPNP.SYS[fffff88001dca43f] -> nt!IofCallDriver -> [0xfffffa8009ecbb30]
19:00:26.079 5 vsflt67.sys[fffff88000ec67cd] -> nt!IofCallDriver -> [0xfffffa8009eca8a0]
19:00:26.082 7 iaStorF.sys[fffff88001feda84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8009daa060]
19:00:26.086 Disk 1 statistics 115140/0/0 @ 83,66 MB/s
19:00:26.089 Scan finished successfully
19:00:41.778 Disk 1 MBR has been saved successfully to "E:\Téléchargements\MBR.dat"
19:00:41.794 The log file has been saved successfully to "E:\Téléchargements\aswMBR.txt"
Thank you in advance for your help !
Last edited by tashi; 2015-01-23 at 15:13.
Reason: Hid second post, helpers look for a zero response. ;-)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
