Suspicion of an organization on my PC
huntergeek (65 messages, Member)
MisteryBean (8947 messages, Moderator)
Hello, let me explain my problem.
I installed Windows 10 Home on my PC two months ago, but I don't understand why I'm getting the yellow message on certain pages, and there are things I can't access, I suppose because of an organization.
If you watch the video, it says "preparing Windows" instead of welcome, and at the restart, it goes directly to restarting, but it tells me a lot of things, saying stopping services and then restarting.
I don't know what it is; I talked to a friend who knows a bit more about computers than I do, and we think that my PC connects to a third-party server and that I have a session on a server.
And I want to say that my PC is a personal computer, attached to no company, nor other accounts that could cause problems.
If you know how to confirm all this, it would help me a lot.
https://www.youtube.com/watch?v=OWKmRSqSg4w&ucbcb=1
Best regards
2 replies
Hello,
According to your video, are Malwarebytes services displayed at startup?
---------------
--------------------------------
We'll start with a diagnosis of the PC:
All reports must be hosted on https://security-x.fr/up/ and you indicate the links obtained in your response
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More Info and then on Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system, and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to tell which version 32-bit or 64-bit is running on my system?
--> Wait for your browser to offer the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> On Vista, Windows 7 / 8 and 10, you need to launch the file by right-clicking -> Run as administrator
--> Wait for it to indicate The tool is ready to use
--> In the main menu, click on Scan and wait for the analysis to complete
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
--
Security contributor.
here are the two files.
Results of the Farbar Recovery Scan Tool (FRST) analysis (x64) Version: 25-05-2021
Executed by Swifty (administrator) on DESKTOP-2DDJ3I7 (27-05-2021 17:24:27)
Executed from C:\Users\theob\Desktop
Loaded profiles: Swifty
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: French (France)
Default browser: Chrome
Boot mode: Normal
==================== Processes (Whitelisted) =================
(If an item is included in the fixlist.txt file, the process will be stopped. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367492.inf_amd64_dc9dba40afc0f9b5\B367342\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367492.inf_amd64_dc9dba40afc0f9b5\B367342\atiesrxx.exe
(Advanced Micro Devices, Inc.) [Unsigned file] C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.1001.19.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe <2>
==================== Registry (Whitelisted) ===================
(If an item is included in the fixlist.txt file, the Registry item will be restored to default value or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe [1256824 2021-04-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [564096 2021-05-05] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Duet Display] => F:\duet display\DuetLaunch.exe [490416 2021-03-10] (Duet, Inc. -> Duet Inc.)
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Discord] => C:\ProgramData\theob\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Spotify] => C:\Users\theob\AppData\Roaming\Spotify\Spotify.exe [23924296 2021-05-19] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-19] (Valve -> Valve Corporation)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33033184 2021-05-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1079184 2021-05-19] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3144760 2021-05-10] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [uTorrent] => C:\Users\theob\AppData\Roaming\uTorrent\uTorrent.exe [2132520 2021-05-13] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [430784 2021-05-23] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [13443008 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\Users\theob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SAO Utils.lnk [2021-05-24]
ShortcutTarget: SAO Utils.lnk -> C:\Program Files\Studio GPBeta\SAO Utils\SAO Utils.exe (Studio GPBeta) [Unsigned file]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4070781867-1001254659-3968162427-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless registered separately.)
Task: {0DE6E405-96B2-4A0F-8AE4-34D4FEA934DE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {1A29AB0B-E531-4C98-908E-489629409B4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25BB19E5-360B-4A2F-8279-225C4C953F4D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {551FB6B4-F7C6-4C83-9514-192B89327EC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {682D2E6D-E949-44F7-B666-619C8487298D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-24] (Google LLC -> Google LLC)
Task: {6A82C521-9F58-486F-8CAF-C455800325D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-24] (Google LLC -> Google LLC)
Task: {7AEEE419-E3B6-469C-916A-7283A6B4813E} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7B10BFC5-1F42-4B48-91E3-4E5CCA33AB61} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7C3F83B0-42EF-4D2F-9422-338804F91F70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F7FE45B-FACB-4CA3-8316-1A0C3DBF0775} - System32\Tasks\DuetUpdater => F:\duet display\DuetUpdater.exe [1201584 2021-04-27] (Duet, Inc. -> Kairos)
Task: {83F6E9CB-28AC-49A1-B0FB-CB421DDFD14B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4070781867-1001254659-3968162427-500 => C:\Users\theob\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9C82D89F-9EAB-44C4-8EB4-B091C784C04E} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BB3D3027-4AC3-4E95-AF92-8D87CC835280} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C50854EE-A35B-4AD0-AB6A-B24361EB8960} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [47104 2021-05-11] (Advanced Micro Devices, Inc.) [Unsigned file]
Task: {E497701E-97D8-4E4C-8F3B-5C7F814DED2D} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [382168 2020-05-21] (Advanced Micro Devices INC. -> )
Task: {F1570D43-92CF-4570-9B7D-D4CD75655756} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2020-12-04] () [Unsigned file]
(If an item is included in the fixlist.txt file, the task file (.job) will be moved. The file executed by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist.txt file and it is a Registry item, it will be removed or restored to the default value.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824 2010-05-18] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b0674e36-1325-469f-9530-3c4be906dcb3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b0674e36-1325-469f-9530-3c4be906dcb3}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\theob\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-24]
Edge Extension: (Dashlane - Password Manager) - C:\Users\theob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2021-05-19]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default [2021-05-27]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://sante-medecine.journaldesfemmes.fr; hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR Session Restore: Default -> enabled.
CHR Extension: (Slides) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-24]
CHR Extension: (Safe Torrent Scanner) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-05-13]
CHR Extension: (Docs) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-24]
CHR Extension: (Google Drive) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-24]
CHR Extension: (YouTube) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-24]
CHR Extension: (Adblock Plus - Free Ad Blocker) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-19]
CHR Extension: (Dashlane - Password Manager) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2021-05-25]
CHR Extension: (Sheets) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-24]
CHR Extension: (Google Docs Offline) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-13]
CHR Extension: (ANFR - Cartoradio) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipamlepnopnjdkmieamgjlobdlapgfng [2021-04-24]
CHR Extension: (Morpheon Dark) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2021-04-24]
CHR Extension: (Web Safety) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2021-05-13]
CHR Extension: (Payments via the Chrome Web Store) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-24]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-05-04]
CHR Extension: (Gmail) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
==================== Services (Whitelisted) ===================
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved, unless registered separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-05-15] (BattlEye Innovations e.K. -> )
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [11309520 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software)
S3 DuetUpdater; F:\duet display\DuetUpdater.exe [1201584 2021-04-27] (Duet, Inc. -> Kairos)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-05-21] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2021-03-16] (FUTUREMARK INC -> Futuremark)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2547288 2021-05-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3487320 2021-05-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [395968 2021-05-23] (Parsec Cloud, Inc. -> Parsec)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1716632 2021-05-14] (Rockstar Games, Inc. -> Rockstar Games)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10316656 2021-05-05] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14]
===================== Drivers (Whitelisted) ===================
(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless registered separately.)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0367492.inf_amd64_dc9dba40afc0f9b5\B367342\amdkmdag.sys [82687824 2021-05-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-11-19] (Microsoft Corporation) [Unsigned file]
S3 CEDRIVER60; C:\Program Files\Cheat Engine 7.2\dbk64.sys [111800 2020-09-05] (Cheat Engine -> )
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 duetbus; C:\Windows\System32\DriverStore\FileRepository\duetbus.inf_amd64_66e44262fc0dd065\duetbus.sys [41736 2020-11-17] (Duet, Inc. -> Duet, Inc.)
R3 DuetWPDFilter; C:\Windows\System32\drivers\DuetWPDFilter.sys [21992 2021-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-05-19] (Malwarebytes Inc -> Malwarebytes)
R1 NemuDrv; C:\Program Files (x86)\NemuVbox\Hypervisor\NemuDrv.sys [309720 2020-04-01] (NetEase(Hangzhou) Network Co. Ltd. -> NetEase Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74616 2020-12-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8144352 2021-05-04] (Riot Games, Inc. -> Riot
The reports FRST.txt and Addition.txt are expected.
All reports must be hosted on:
https://security-x.fr/up/
and you must provide the links obtained in your response.
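As an added illustration, not part of the thread and not FRST's own tooling: a small Python triage helper that reads an FRST.txt in the format posted above and pulls out the items a helper usually reads first: the lines FRST itself marks with "<==== ATTENTION" (in this report the GroupPolicy, NTUSER.pol and Edge policy restrictions), files tagged [Unsigned file], Chrome extension IDs that are registered machine-wide under HKLM rather than only in the user profile, and Run entries that lack FRST's "[size date] (signer)" block and so were not verified by the tool. The function name `triage_frst` and the sample report are my own; the sample is constructed from a few lines of the posted log (with the SID shortened) and is not a complete report.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the FRST.txt posted above: a few lines
# copied from that report (SID shortened), not a complete report.
SAMPLE_FRST = r"""
Results of the Farbar Recovery Scan Tool (FRST) analysis (x64) Version: 25-05-2021
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-...-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
ShortcutTarget: SAO Utils.lnk -> C:\Program Files\Studio GPBeta\SAO Utils\SAO Utils.exe (Studio GPBeta) [Unsigned file]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
CHR Extension: (Safe Torrent Scanner) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-05-13]
CHR Extension: (Web Safety) - C:\Users\theob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2021-05-13]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
==================== Drivers (Whitelisted) ===================
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-11-19] (Microsoft Corporation) [Unsigned file]
"""

# FRST section headers look like "==== Name ====" (whitespace around the name).
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
ATTENTION_MARK = "<==== ATTENTION"
UNSIGNED_MARK = "[Unsigned file]"
# Chrome extension IDs are 32 letters in the range a-p.
MACHINE_EXT_RE = re.compile(r"^CHR HKLM(?:-x32)?\\\.\.\.\\Chrome\\Extension: \[([a-p]{32})\]")
EXT_NAME_RE = re.compile(r"^CHR Extension: \(([^)]*)\) - .*\\Extensions\\([a-p]{32})")
RUN_RE = re.compile(r"^(HK(?:LM|U)[^:]*\\Run): \[([^\]]+)\] => (.*)$")
# FRST appends "[size date] (signer -> company)" when it could verify the file.
SIGNED_BLOCK_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)\s*$")


def triage_frst(report: str) -> Dict[str, List[str]]:
    """Group the lines of an FRST.txt that deserve a first look, by category."""
    findings: Dict[str, List[str]] = {
        "attention": [],           # lines FRST itself flagged
        "unsigned": [],            # files FRST could not verify a signature for
        "machine_extensions": [],  # Chrome extensions registered under HKLM
        "run_unverified": [],      # Run entries without FRST's size/date/signer block
    }
    ext_names: Dict[str, str] = {}
    section = "Header"
    for raw in report.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if ATTENTION_MARK in line:
            findings["attention"].append(f"{section}: {line.replace(ATTENTION_MARK, '').strip()}")
        if UNSIGNED_MARK in line:
            findings["unsigned"].append(f"{section}: {line}")
        m = EXT_NAME_RE.match(line)
        if m:
            # Profile-level extension lines carry the display name; remember it
            # so the bare HKLM IDs below can be labelled.
            ext_names[m.group(2)] = m.group(1)
        m = MACHINE_EXT_RE.match(line)
        if m:
            ext_id = m.group(1)
            findings["machine_extensions"].append(f"{ext_id} ({ext_names.get(ext_id, 'name not in report')})")
        m = RUN_RE.match(line)
        if m and not SIGNED_BLOCK_RE.search(m.group(3)):
            findings["run_unverified"].append(f"{m.group(2)} => {m.group(3)}")
    return findings


if __name__ == "__main__":
    for category, items in triage_frst(SAMPLE_FRST).items():
        print(f"== {category} ({len(items)})")
        for item in items:
            print("  " + item)
```

Run it against a real FRST.txt by reading the file into `triage_frst` instead of `SAMPLE_FRST`; on the posted report it would list the three policy restrictions, the two machine-wide extension IDs with their names from the profile section, and the Web Companion Run entry that FRST printed without a size/date/signer block.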