Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 02
Ran by eric (administrator) on DESKTOP-NO99HRB (11-02-2018 17:51:35)
Running from C:\Users\eric\Downloads
Loaded Profiles: eric (Available Profiles: eric)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\eric\Downloads\FRST64 (5).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8522480 2015-08-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM\...\RunOnce: [211_161991549542] => C:\Program Files (x86)\LMIR0002.tmp_r.bat [512 2018-02-11] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [204863 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2017-09-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4731beca-f49c-4328-b1b0-97e5d5f2c903}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ASUS15.msn.com/?pc=ASTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-05] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-05] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR NewTab: Default -> Not-active:"chrome-extension://egbpmjkpccpjhfnhfhgeklgibepkimpd/product.html", Not-active:"chrome-extension://mciognngefdgcpelkogfllkbdonkbiia/product.html", Not-active:"chrome-extension://kohoehgoafblafjinhplmhcbphgaaobc/stubby.html", Not-active:"chrome-extension://kpocjpoifmommoiiiamepombpeoaehfh/stubby.html"
CHR Profile: C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default [2018-02-11]
CHR Extension: (Slides) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-13]
CHR Extension: (YouTube) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-13]
CHR Extension: (Sheets) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-23]
CHR Extension: (SearchVZ) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhmeggicckjohfhgocjieomdmmanmocd [2017-07-13]
CHR Extension: (Google Docs hors connexion) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-13]
CHR Extension: (AdBlock) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-02-02]
CHR Extension: (Avast Online Security) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-13]
CHR Extension: (InternetSpeedTracker) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc [2018-01-12]
CHR Extension: (Ask Web Search) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2018-02-11]
CHR Extension: (AllInOneDocs) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciognngefdgcpelkogfllkbdonkbiia [2018-02-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3394922037-4190857459-2851332183-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fhmeggicckjohfhgocjieomdmmanmocd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-21] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S4 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [280032 2017-11-29] (Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUS)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [757216 2017-11-29] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [7959408 2017-11-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 17:50 - 2018-02-11 17:51 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64 (5).exe
2018-02-11 17:32 - 2018-02-11 17:32 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64 (4).exe
2018-02-11 17:27 - 2018-02-11 17:27 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64 (3).exe
2018-02-11 17:27 - 2018-02-11 17:27 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64 (2).exe
2018-02-11 17:27 - 2018-02-11 17:27 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64 (1).exe
2018-02-11 16:43 - 2018-02-11 16:49 - 000000000 ____D C:\Users\eric\AppData\Roaming\ZHP
2018-02-11 16:43 - 2018-02-11 16:43 - 003058048 _____ C:\Users\eric\Downloads\ZHPCleaner.exe
2018-02-11 16:43 - 2018-02-11 16:43 - 000000881 _____ C:\Users\eric\Desktop\ZHPCleaner.lnk
2018-02-11 16:34 - 2018-02-11 16:43 - 000000000 ____D C:\Users\eric\AppData\Local\ZHP
2018-02-11 16:33 - 2018-02-11 16:33 - 002900480 _____ C:\Users\eric\Downloads\zhpdiag_v2017.10.9.179.exe
2018-02-11 16:30 - 2018-02-11 16:30 - 000000703 _____ C:\Program Files (x86)\LMIR0002.tmp.bat
2018-02-11 16:30 - 2018-02-11 16:30 - 000000512 _____ C:\Program Files (x86)\LMIR0002.tmp_r.bat
2018-02-11 16:16 - 2018-02-11 16:16 - 011205832 _____ (Piriform Ltd) C:\Users\eric\Downloads\ccsetup539 (1).exe
2018-02-11 16:15 - 2018-02-11 16:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-11 16:15 - 2018-02-11 16:15 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-11 16:03 - 2018-02-11 16:03 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2018-02-11 16:02 - 2018-02-11 16:29 - 000000000 ____D C:\Users\eric\AppData\Local\LogMeIn Rescue Applet
2018-02-11 15:45 - 2018-02-11 15:45 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-11 15:42 - 2018-02-11 15:42 - 011205832 _____ (Piriform Ltd) C:\Users\eric\Downloads\ccsetup539.exe
2018-02-11 08:08 - 2018-02-11 08:08 - 000039641 _____ C:\Users\eric\Downloads\Addition.txt
2018-02-11 08:07 - 2018-02-11 17:52 - 000019296 _____ C:\Users\eric\Downloads\FRST.txt
2018-02-11 08:07 - 2018-02-11 17:51 - 000000000 ____D C:\FRST
2018-02-11 08:06 - 2018-02-11 08:06 - 002404864 _____ (Farbar) C:\Users\eric\Downloads\FRST64.exe
2018-02-11 07:13 - 2018-02-11 07:20 - 000000000 ____D C:\Users\eric\Downloads\QQ TEKNA
2018-02-11 06:59 - 2018-02-11 06:59 - 000073988 _____ C:\Users\eric\Downloads\nissan-qashqai-blue-2018-(4).webp
2018-02-11 06:59 - 2018-02-11 06:59 - 000065002 _____ C:\Users\eric\Downloads\nissan-qashqai-blue-2018-(2).webp
2018-02-11 06:58 - 2018-02-11 06:58 - 000111844 _____ C:\Users\eric\Downloads\nissan-qashqai-front.webp
2018-02-11 06:58 - 2018-02-11 06:58 - 000051738 _____ C:\Users\eric\Downloads\nissan-qashqai-rear.webp
2018-02-11 06:52 - 2018-02-11 06:52 - 000037134 _____ C:\Users\eric\Downloads\nissan-qashqai-blue-2018-(5).webp
2018-02-11 06:02 - 2018-02-11 06:02 - 000416304 _____ C:\Users\eric\Downloads\filename-1 (11) (1).pdf
2018-02-09 18:43 - 2018-02-09 18:43 - 000000000 ___HD C:\$AV_ASW
2018-02-09 14:54 - 2018-02-09 14:54 - 000003564 _____ C:\WINDOWS\System32\Tasks\Skype
2018-02-09 11:19 - 2018-02-09 11:19 - 000198538 _____ C:\Users\eric\Downloads\mensu_THCAP_changement_base_20180209_111901.pdf
2018-02-09 11:19 - 2018-02-09 11:19 - 000198538 _____ C:\Users\eric\Downloads\mensu_THCAP_changement_base_20180209_111901 (1).pdf
2018-02-09 00:01 - 2018-02-09 00:01 - 000000000 ____D C:\Users\eric\AppData\Roaming\OpenOffice
2018-02-09 00:00 - 2018-02-11 08:43 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
2018-02-09 00:00 - 2018-02-09 00:00 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2018-02-08 23:45 - 2018-02-11 08:43 - 000000000 ____D C:\Users\eric\AppData\Roaming\TP
2018-02-08 23:45 - 2018-02-08 23:45 - 001632696 _____ (Microsoft Corporation) C:\Users\eric\Downloads\microsoft_office_starter_2010_fr.exe
2018-02-08 01:53 - 2018-02-08 01:53 - 000000000 ____D C:\Users\eric\Documents\Enregistrements audio
2018-02-07 22:49 - 2018-02-07 22:49 - 000416304 _____ C:\Users\eric\Downloads\filename-1 (11).pdf
2018-02-07 22:33 - 2018-02-07 22:33 - 000395945 _____ C:\Users\eric\Downloads\filename-1 (10).pdf
2018-02-07 22:11 - 2018-02-07 22:11 - 000326055 _____ C:\Users\eric\Downloads\filename-1 (7).pdf
2018-02-07 22:11 - 2018-02-07 22:11 - 000308985 _____ C:\Users\eric\Downloads\filename-1 (9).pdf
2018-02-07 22:11 - 2018-02-07 22:11 - 000298112 _____ C:\Users\eric\Downloads\filename-1 (8).pdf
2018-02-07 11:08 - 2018-02-07 11:08 - 000047034 _____ C:\Users\eric\Downloads\AttestationDroits (5).pdf
2018-02-05 19:49 - 2018-02-05 20:10 - 752004003 _____ C:\Users\eric\Downloads\426192032_Nouveau_Nissan_QASQHAI_Ours_vid_o_dynamique_Rouge_Magn_tique.mp4
2018-02-02 20:08 - 2018-02-02 20:08 - 001235979 _____ C:\Users\eric\Downloads\certificat-cession-vehicule-occasion.pdf
2018-02-01 07:22 - 2018-02-01 07:22 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-NO99HRB-eric
2018-01-30 08:06 - 2018-01-30 08:08 - 000561047 _____ C:\Users\eric\Downloads\CV - Secrétaire - Laura Volpoet.pptx
2018-01-30 08:06 - 2018-01-30 08:06 - 000191976 _____ C:\Users\eric\Desktop\ACFrOgDQgc8Gva8dY7pWYS8S-yKLPZoQmISAxpsv3Z6A6hBKxrqVyf0AOE1iqY0d8JBDe-SU13xFBv9zI7v8oN2DWpXc8dn3_E_yA4D9x8z0oBsYXbteuKeCZo5550k=.pdf
2018-01-29 09:22 - 2018-01-29 09:22 - 000012244 _____ C:\Users\eric\Downloads\Equipement_DEGRIFCARS.pdf
2018-01-29 00:00 - 2018-01-29 00:00 - 000012125 _____ C:\Users\eric\Documents\nouveaux quashqai.xlsx
2018-01-28 16:24 - 2018-01-28 16:25 - 017463543 _____ C:\Users\eric\Downloads\pieces jointes_28_01_2018.zip
2018-01-26 15:11 - 2018-01-26 15:11 - 000001293 _____ C:\Users\eric\Desktop\ACHAT QASHQAI - Raccourci.lnk
2018-01-26 14:30 - 2018-01-26 14:30 - 000001339 _____ C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-01-25 02:12 - 2018-01-25 02:12 - 000290177 _____ C:\Users\eric\Downloads\maps.html
2018-01-24 23:27 - 2018-01-24 23:27 - 001123400 _____ C:\Users\eric\Downloads\contrat_acquisitionw.pdf
2018-01-24 21:39 - 2018-02-08 00:51 - 000000000 ____D C:\Users\eric\Downloads\ACHAT NOUVELLE VOITURE
2018-01-23 07:29 - 2018-01-23 07:29 - 001401677 _____ C:\Users\eric\Downloads\doc.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 16:22 - 2017-12-07 02:56 - 001193088 _____ C:\WINDOWS\system32\perfh00C.dat
2018-02-11 16:22 - 2017-12-07 02:56 - 000269116 _____ C:\WINDOWS\system32\perfc00C.dat
2018-02-11 16:22 - 2017-12-06 18:26 - 002581350 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-11 16:21 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-11 16:15 - 2017-12-06 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-11 16:14 - 2017-09-29 09:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-02-11 15:54 - 2016-12-13 04:05 - 000000000 ____D C:\Users\eric\AppData\Local\ConnectedDevicesPlatform
2018-02-11 15:45 - 2016-12-13 09:05 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-11 15:45 - 2016-12-13 09:05 - 000000000 ____D C:\Program Files\CCleaner
2018-02-11 15:11 - 2017-12-06 18:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-11 11:39 - 2018-01-09 19:43 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BF6D18D8-632E-445E-BCF9-FCC57AC7D087}
2018-02-11 08:59 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-11 08:59 - 2017-04-05 21:54 - 000000000 ____D C:\Users\eric\AppData\Local\CrashDumps
2018-02-11 08:56 - 2017-02-15 14:21 - 000000000 ____D C:\Users\eric\Desktop\EXEL VALERIE
2018-02-11 08:49 - 2016-09-05 05:35 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-11 08:43 - 2017-12-06 18:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-02-11 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-11 08:43 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-02-11 08:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\registration
2018-02-09 18:54 - 2017-02-15 14:35 - 000000000 ____D C:\Users\eric\Desktop\Mes documents
2018-02-09 18:51 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-09 18:51 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-09 18:45 - 2017-12-06 18:09 - 000416168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-09 18:45 - 2016-03-03 07:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-09 18:30 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-09 00:28 - 2017-12-06 18:14 - 000000000 ____D C:\Users\eric\AppData\Local\Packages
2018-02-08 01:46 - 2017-07-07 10:41 - 000000000 ____D C:\Users\eric\Downloads\dossier achat boulanger ect
2018-02-06 23:52 - 2016-12-13 08:41 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-06 23:52 - 2016-12-13 08:41 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-06 03:49 - 2017-09-29 14:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-05 22:44 - 2017-12-06 18:14 - 000000000 ____D C:\Users\eric
2018-02-05 10:33 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-31 09:36 - 2017-12-06 18:30 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3394922037-4190857459-2851332183-1001
2018-01-31 09:36 - 2016-12-12 19:34 - 000002415 _____ C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 09:36 - 2016-12-12 19:34 - 000000000 ___RD C:\Users\eric\OneDrive
2018-01-26 14:28 - 2016-03-03 07:13 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-01-25 22:29 - 2017-02-17 11:58 - 000000000 ____D C:\Users\eric\Desktop\EXEL ERIC
2018-01-24 09:34 - 2017-02-14 12:29 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-16 12:57 - 2016-12-12 20:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-16 12:56 - 2017-10-11 06:43 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-16 12:56 - 2016-12-12 20:15 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-15 13:27 - 2017-02-15 14:34 - 000000000 ____D C:\Users\eric\Desktop\WORD VALERIE

==================== Files in the root of some directories =======

2018-02-11 16:30 - 2018-02-11 16:30 - 000000703 _____ () C:\Program Files (x86)\LMIR0002.tmp.bat
2018-02-11 16:30 - 2018-02-11 16:30 - 000000512 _____ () C:\Program Files (x86)\LMIR0002.tmp_r.bat
2017-04-03 17:26 - 2017-04-03 17:26 - 000000552 _____ () C:\Users\eric\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-05 18:09

==================== End of FRST.txt ============================