Hello dear helpers.

My computer has been infected for one week. These are the symptoms I've noticed :
- each time I boot my PC, once I get to the desktop, I have my CPU fully used (100%) because of a process svchost.exe. It is the main reason why I've noticed this infection.
- after running Malwarebytes Anti-Malware, it finds the suspect file C:\Windows\Temp\svchost.exe. So does Spybot, talking about the Trojan Win32.Palevo.
- I've tried their "fix" solution. But at the next boot the problem still occurs and the file is still detected by both softwares.

I tried to perform a system restore 5 days ago (even if it is highly inadvisable as I saw after that on this forum). Obviously it failled as today my friend the Trojan came back (after 5 days of disappearance).

I even received an e-mail from Electronic Arts (not a Phishing one) asking me if I tried to change my password (I didn't). During the time I was infected, I connected to Origin (EA Steam-like) platform. I don't know if it is connected to the infection.

I have a second PC, safe. I disconnected the infected one from the Internet.

That to say : I am not serene at all ! I come here to seek help and I would be grateful to anyone who can provide me some ! :)

Here is my Farbar Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Hugo (administrator) on HUGO-PC1 on 22-01-2015 18:58:33
Running from E:\Téléchargements
Loaded Profiles: Hugo (Available profiles: Hugo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SmartRecovery2\RPMDaemon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe
(Acronis) E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403576 2012-06-28] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => E:\Programmes\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => E:\Programmes\Acronis\TrueImageHome\TrueImageMonitor.exe [5992664 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => E:\Programmes\Acronis\TrueImageHome\TimounterMonitor.exe [1173168 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SmartRecovery2\RPMKickstart.exe [2422272 2012-09-06] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe [10240 2013-11-13] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {9bca92a2-40af-11e4-8add-74d4358b120f} - G:\setup.exe
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\MountPoints2: {bec64cae-0f84-11e4-a6ba-806e6f6e6963} - D:\Run.exe
Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{f54c9b85-0f56-11e4-90b0-98fe1458e9cc}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hugo\AppData\Roaming\Mozilla\Firefox\Profiles\sg7falkp.default-1410699454320
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programmes\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1917996100-3480441381-1216732928-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Jeux\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 SDScannerService; E:\Programmes\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; E:\Programmes\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; E:\Programmes\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-20] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 18:58 - 2015-01-22 18:58 - 00000000 ____D () C:\FRST
2015-01-22 18:57 - 2015-01-22 18:57 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUGO-PC1-Microsoft-Windows*7-Édition-Familiale-Premium-(64-bit).dat
2015-01-22 18:57 - 2015-01-22 18:57 - 00000000 ____D () C:\RegBackup
2015-01-22 18:56 - 2015-01-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-22 18:55 - 2015-01-22 18:54 - 04215584 _____ () C:\Users\Hugo\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-22 18:43 - 2015-01-22 18:46 - 00000656 _____ () C:\Windows\PFRO.log
2015-01-22 17:52 - 2015-01-22 18:46 - 00000504 _____ () C:\Windows\setupact.log
2015-01-22 17:52 - 2015-01-22 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 18:11 - 2015-01-20 18:11 - 00000000 ____D () C:\Users\Hugo\AppData\Local\ESS
2015-01-20 18:10 - 2015-01-20 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Subtitle Synchronizer
2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-17 20:27 - 2015-01-17 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-17 14:26 - 2015-01-17 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 12:27 - 2015-01-22 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 12:27 - 2015-01-17 12:36 - 00000000 ____D () C:\AdwCleaner
2015-01-17 12:27 - 2015-01-17 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 12:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 12:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 12:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 12:03 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-17 12:03 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-17 12:03 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-17 12:03 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-17 12:03 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-17 12:03 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-17 12:03 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-17 12:02 - 2015-01-17 12:03 - 00000625 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-01-17 12:00 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 12:00 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 12:00 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 12:00 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 12:00 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 12:00 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 12:00 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 12:00 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 12:00 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 12:00 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 12:00 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 12:00 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 12:00 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 11:53 - 2014-11-01 17:03 - 00450773 _____ () C:\Windows\system32\Drivers\etc\hosts.20150117-115342.backup
2015-01-17 11:48 - 2015-01-22 18:47 - 00007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
2015-01-10 14:26 - 2015-01-10 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare
2015-01-07 18:33 - 2015-01-07 18:33 - 00000000 ____D () C:\Users\Hugo\Documents\WB Games
2015-01-07 18:08 - 2015-01-07 18:08 - 00003116 _____ () C:\Windows\System32\Tasks\Origin
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-05 08:30 - 2015-01-05 08:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 18:54 - 2014-07-19 21:45 - 01755932 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 18:53 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 18:52 - 2011-04-12 10:16 - 00749134 _____ () C:\Windows\system32\perfh00C.dat
2015-01-22 18:52 - 2011-04-12 10:16 - 00150898 _____ () C:\Windows\system32\perfc00C.dat
2015-01-22 18:52 - 2009-07-14 06:13 - 01674622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 18:47 - 2014-07-19 17:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-01-22 18:46 - 2014-09-20 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-22 18:46 - 2014-07-19 16:55 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 18:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 18:42 - 2014-07-20 18:17 - 00000000 ____D () C:\ProgramData\Origin
2015-01-22 18:32 - 2014-07-19 16:55 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 18:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-01-22 18:11 - 2014-07-19 17:51 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Battle.net
2015-01-21 19:18 - 2014-08-04 13:09 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\uTorrent
2015-01-21 19:01 - 2014-07-24 21:56 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\vlc
2015-01-20 21:36 - 2014-07-19 15:52 - 00000000 ____D () C:\Users\Hugo
2015-01-20 18:22 - 2014-07-19 16:44 - 00000000 ___RD () C:\Users\Hugo\Desktop\Utilitaires
2015-01-19 18:59 - 2014-08-28 21:00 - 00000000 ____D () C:\Users\Hugo\AppData\Local\Skyrim
2015-01-19 18:37 - 2014-09-01 17:43 - 00000726 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-01-18 00:58 - 2014-07-21 18:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 00:57 - 2014-07-21 18:21 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 20:27 - 2014-07-24 18:34 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\Notepad++
2015-01-17 16:08 - 2014-07-19 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 12:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-17 12:04 - 2014-09-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-17 12:02 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 11:50 - 2014-09-20 19:44 - 00000000 ____D () C:\Users\Hugo\AppData\Roaming\DAEMON Tools Lite
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 18:08 - 2014-07-20 18:19 - 00000000 ___HD () C:\Users\Hugo\AppData\Roaming\Origin

==================== Files in the root of some directories =======
2014-12-07 18:53 - 2014-12-07 18:54 - 0000154 _____ () C:\Users\Hugo\AppData\Roaming\settings.xml
2014-09-14 14:42 - 2014-11-11 17:42 - 0000098 _____ () C:\Users\Hugo\AppData\Roaming\WB.CFG
2014-10-19 13:49 - 2014-10-19 13:49 - 0000000 ___SH () C:\Users\Hugo\AppData\Local\LumaEmu
2015-01-17 11:48 - 2015-01-22 18:47 - 0007612 _____ () C:\Users\Hugo\AppData\Local\Resmon.ResmonCfg
2014-07-26 20:30 - 2014-07-26 20:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-19 17:00 - 2014-07-19 17:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Hugo\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Hugo\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 13:34

==================== End Of Log ============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.1112.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.1112.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
µTorrent (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1599C24-DD22-4CFC-9790-A3015831CEF7}Visible) (Version: 15.0.7133 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 - GIGABYTE)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Easy Subtitles Synchronizer (HKLM-x32\...\{A35461B1-DFFD-48AE-A672-3C96A08B6A96}) (Version: 1.1.0 - ESS)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
EZSetupN B13.1114.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.1114.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Logiciel de base du périphérique HP Deskjet 2050 J510 series (HKLM\...\{B7F83103-C83C-4081-B9B7-50FC6A6F929E}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office «*Démarrer en un clic*» 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Français (HKLM-x32\...\{90140011-0066-040C-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mises à jour NVIDIA 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
Mozilla Firefox 35.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 fr)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 fr)) (Version: 24.6.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Pilote graphique 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Panneau de configuration NVIDIA 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Smart Recovery 2 B13.1007.1 (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0910.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0910.1 (x32 Version: 1.00.0001 - GIGABYTE) Hidden
Spesoft Free CD Ripper Version 4.2 (HKLM-x32\...\Spesoft Free CD Ripper_is1) (Version: - Spesoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hugo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-01-2015 13:41:21 Point de contrôle planifié
18-01-2015 00:57:35 Windows Update
20-01-2015 18:09:58 Installed Easy Subtitles Synchronizer
21-01-2015 18:59:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-17 12:40 - 2015-01-17 12:40 - 00450838 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost_Hugo_PC1
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {57DFFA5E-9035-4DE6-AFE6-915567128FAB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7C081326-B4D8-479A-9453-AB4ECFF18E0D} - System32\Tasks\CCleanerSkipUAC => E:\Programmes\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {9E1D045F-AC5D-4671-8DD7-27724988E6C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
Task: {B76F86B2-67F8-4836-B543-DFDB426A1B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {B930DC67-EB09-4809-99F6-1C3236241F6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Hugo\AppData\Roaming\Notepad++\googleupd.exe <==== ATTENTION
Task: {DC6EFE7C-CC4F-4C79-841F-0C78A020CCA7} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-20 15:10 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2014-07-19 17:08 - 2014-07-19 17:08 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2012-06-28 18:28 - 2012-06-28 18:28 - 02023296 _____ () E:\Programmes\Acronis\TrueImageHome\x64\versions_view.dll
2014-11-20 17:27 - 2014-11-20 17:27 - 01243968 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2014-07-19 16:59 - 2013-09-13 17:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
2014-07-20 10:54 - 2014-04-25 13:11 - 00109400 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-20 10:54 - 2014-04-25 13:11 - 00416600 _____ () E:\Programmes\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-20 10:54 - 2014-04-25 13:11 - 00167768 _____ () E:\Programmes\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-20 10:54 - 2012-08-23 09:38 - 00574840 _____ () E:\Programmes\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-20 10:54 - 2012-04-03 16:06 - 00565640 _____ () E:\Programmes\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-07-19 18:01 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2012-06-28 18:24 - 2012-06-28 18:24 - 13002712 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-07-19 16:57 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-17 14:26 - 2015-01-17 14:26 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-06-28 16:34 - 2012-06-28 16:34 - 00018816 _____ () E:\Programmes\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programmes\DAEMON Tools Lite\DTLite.exe" -autorun

========================= Accounts: ==========================

Administrateur (S-1-5-21-1917996100-3480441381-1216732928-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1917996100-3480441381-1216732928-1002 - Limited - Enabled)
Hugo (S-1-5-21-1917996100-3480441381-1216732928-1000 - Administrator - Enabled) => C:\Users\Hugo
Invité (S-1-5-21-1917996100-3480441381-1216732928-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.

Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.

Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'. hr = 0x80070005, Accès refusé.
.

Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:46:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
UsbCharger

Error: (01/22/2015 06:46:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:43:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/22/2015 06:43:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger*:
UsbCharger

Error: (01/22/2015 06:43:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.


Microsoft Office Sessions:
=========================
Error: (01/22/2015 06:46:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 06:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 05:52:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 06:59:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

Error: (01/21/2015 06:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 07:41:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

Error: (01/20/2015 05:49:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 09:47:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{dc15357d-3b2a-11e4-bbb7-74d4358b120f}\'0x80070005, Accès refusé.

Error: (01/19/2015 09:46:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8060.55 MB
Available physical RAM: 5498.09 MB
Total Pagefile: 16119.29 MB
Available Pagefile: 13102.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:232.79 GB) (Free:48.66 GB) NTFS
Drive e: (Stock) (Fixed) (Total:631.5 GB) (Free:604.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6D97C51)
Partition 1: (Active) - (Size=631.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=05)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: B2A0C038)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


[U]My aswMBR Log

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-22 18:59:50
-----------------------------
18:59:50.501 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:50.501 Number of processors: 4 586 0x3C03
18:59:50.502 ComputerName: HUGO-PC1 UserName: Hugo
18:59:50.787 Initialize success
18:59:50.817 VM: initialized successfully
18:59:50.818 VM: Intel CPU supported
19:00:04.586 VM: disk I/O iaStorA.sys
19:00:22.662 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006c
19:00:22.665 Disk 0 Vendor: ST1000DM CC47 Size: 953869MB BusType: 11
19:00:22.667 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006d
19:00:22.669 Disk 1 Vendor: Samsung_ EXT0 Size: 238475MB BusType: 11
19:00:22.678 Disk 1 MBR read successfully
19:00:22.680 Disk 1 MBR scan
19:00:22.682 Disk 1 unknown MBR code
19:00:22.685 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:00:22.688 Disk 1 default boot code
19:00:22.691 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
19:00:22.700 Disk 1 scanning C:\Windows\system32\drivers
19:00:23.776 Service scanning
19:00:24.726 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
19:00:26.059 Modules scanning
19:00:26.063 Disk 1 trace - called modules:
19:00:26.068 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
19:00:26.072 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009fb5060]
19:00:26.076 3 CLASSPNP.SYS[fffff88001dca43f] -> nt!IofCallDriver -> [0xfffffa8009ecbb30]
19:00:26.079 5 vsflt67.sys[fffff88000ec67cd] -> nt!IofCallDriver -> [0xfffffa8009eca8a0]
19:00:26.082 7 iaStorF.sys[fffff88001feda84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8009daa060]
19:00:26.086 Disk 1 statistics 115140/0/0 @ 83,66 MB/s
19:00:26.089 Scan finished successfully
19:00:41.778 Disk 1 MBR has been saved successfully to "E:\Téléchargements\MBR.dat"
19:00:41.794 The log file has been saved successfully to "E:\Téléchargements\aswMBR.txt"


Thank you in advance for your help !

Hi

http://i.imgur.com/goGMWSt.gifP2P Warning

------------------------------
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.


***************************************************************

Running from E:\Téléchargements --> translate to downloads?

We need to move Farbar Recovery Scan Tool to desktop

Please go to your downloads folder, locate Farbar Recovery Scan Tool. Right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
~~


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\Hugo\AppData\Roaming\Origin\update.vbe
C:\Users\Hugo\AppData\Local\Temp\avgnt.exe
Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
C:\Windows\Temp\svchost.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Hi Juliet,

Thank you for your answer. Indeed "Téléchargements" means Downloads in french.

I performed your actions list. These are the logs :

My Fixlog

My protection software unfortunatly showed up at the end of the fix. However, after the reboot, no svchost.exe consumming all my CPU resources.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Hugo at 2015-01-23 19:49:47 Run:1
Running from C:\Users\Hugo\Desktop
Loaded Profiles: Hugo (Available profiles: Hugo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1917996100-3480441381-1216732928-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\Hugo\AppData\Roaming\Origin\update.vbe
C:\Users\Hugo\AppData\Local\Temp\avgnt.exe
Task: {A71B5AFD-432E-40D8-BDDF-CCC0727F078E} - System32\Tasks\Origin => C:\Users\Hugo\AppData\Roaming\Origin\update.vbe [2015-01-07] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
C:\Windows\Temp\svchost.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1917996100-3480441381-1216732928-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\Hugo\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Users\Hugo\AppData\Local\Temp\avgnt.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A71B5AFD-432E-40D8-BDDF-CCC0727F078E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71B5AFD-432E-40D8-BDDF-CCC0727F078E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
C:\Windows\Temp\svchost.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 481.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:49:56 ====

My AdwCleaner log

AdwCleaner found nothing.

My Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Hugo on 23/01/2015 at 19:57:13,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_FULL_S-DC82AF40.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARSTANDALONESETUP_-4BF5EE5A.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Hugo\AppData\Roaming\mozilla\firefox\profiles\sg7falkp.default-1410699454320\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/01/2015 at 19:59:10,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Good deal!

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


Please post these 2 logs.

My Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/01/2015
Scan Time: 22:29:51
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hugo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330724
Time Elapsed: 4 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

My ESET_log

C:\FRST\Quarantine\C\Windows\Temp\svchost.exe.xBAD Win64/CoinMiner.J trojan

C:\FRST\Quarantine\C\Windows\Temp\svchost.exe.xBAD Win64/CoinMiner.J trojan
The above will be removed when we finish.

How is your computer now?

My computer is running just fine !

Thank you for this. Great job ;).

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings


Click the Run button.

-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Done.

Once again thank you.

We're glad to help :)

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.